cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FTPS setup confusion .

Former Member

on ‎03-02-2008 1:28 PM

0 Kudos

Hello,

For FTPS receiver for secure connection:

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4...

What is concept of FTPS and client and server certificates

server certificate --- how and where to deploy

client certificate -- how and where to deploy

How FTPS is differnet from SFTP.

Thanks in advance for responses.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎03-02-2008 1:41 PM
0 Kudos

Hi,

Secured FTP is proprietary in its implementation, even though the encryption algorithms are standard.

SFTP vs. FTPS in SAP PI

/people/krishna.moorthyp/blog/2007/07/31/sftp-vs-ftps-in-sap-pi

If we just recollect our network programming in the college and remember TCP layer stack then we can differentiate the protocols very easily:)

1.SFTP-> Supports Network Layer Security

2.FTPS->Supports Transport Layer Security

SEEBURGER AG (www.seeburger.de) offers an SFTP/SCP adapter for SAP XI.

This adapter is fully integrated in the SAP XI adapter framework.

FTPS, which is FTP over SSL/TLS. The File/FTP adapter acts as an SSL/TLS client to the FTP server both in sender and receiver channels.

Check these...

http://help.sap.com/saphelp_nw04s/helpdata/en/43/0e16bfd7b021aee10000000a1553f6/frameset.htm

http://help.sap.com/saphelp_nw04s/helpdata/en/43/0e16bfd7b021aee10000000a1553f6/frameset.htm

http://help.sap.com/saphelp_erp2005/helpdata/en/e3/94007075cae04f930cc4c034e411e1/frameset.htm

http://help.sap.com/saphelp_erp2005/helpdata/en/bc/bb79d6061007419a081e58cbeaaf28/frameset.htm

Thanks

Swarup

Show replies
Show replies
Former Member
‎03-02-2008 2:00 PM
0 Kudos

Hi Swarup,

SFTP uses SSH for a secure connection for secure file transfer.

FTPS which is standard FTP using a SSL/TSL for secure file transfer

Please tell me following things:

1. Can you please tell me basic differences between the two so that I

can discuss with my client as both are used for secure file transfer.

2. For FTPS secure connection I am reading this blog:

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4...

I have downloaded Java Crytpgraphic kit and done the SSL part

I am not able to understand Certificate portion as given in blog:

a. There is creation of Server Public-Private Key Pair and

then there is creation of Client Public-Private Key Pair.?

Suppose there is

File Sender System --- xi ---File Receiver System

Pls let me know which certificate to install at which place.

Thanks in advance

Former Member
‎03-02-2008 2:41 PM
0 Kudos

Hi,

1. Can you please tell me basic differences

---> You are right SFTP is on SSH and FTPS is over SSL(Secure Socket Layer)

SSH and SSL are two different secure ways of communications.

SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. An attacker who has managed to take over a network can only force ssh to disconnect. He or she cannot play back the traffic or hijack the connection when encryption is enabled.

It means the SSH provides you secure Host for communication and the encription level will be for the Network.

In SSL, you use encryption for the data only. Thus you will encrypt the data for transporting it across.

While in SSH the whole pipeline is encrypted so no need of using any encryption for the data.

These are two different ways of encryption either data wise or for Network specific encryption.

a. There is creation of Server Public-Private Key Pair and

then there is creation of Client Public-Private Key Pair.?

Here of SSL layer security you need to create the Trust relationship.

Thus for your scenario File to XI to File

you need to make configuration at two stages

one File to XI ---> Here Server Public-Private Key Pair as File side will be server and for XI it will be client.

Similarly vice versa for XI to File you need to do same settings.

Thnaks

Swarup

Former Member
‎03-02-2008 3:09 PM
0 Kudos

Hi Swarup,

Very good answer thanks!!!

Two different ways of encryption

data wise --- it is SSL -- ok

Network specific encryption -- it is SSH -- ok.

*Ques*

Pls advice which one is more realiable.

You suggested for File -- XI:

a. Server Public-Private Key Pair --- Sender File System will be Server

b. Client Public-Private Key Pair --- *XI will be Client*

So I generated Server Public Private Key Pair (Sender File System) and Client Public-Private Key Pair (XI) in my XI Visual Administartor.

*Ques*. Pls open and explain link

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4...

a. Pg -- 38 Export of the generated Private Key to file? -- pls explain

b. Pg -- 39 Import of the Private Key to the browser ? -- pls explain

Similarly for XI --- File

Ques

a. Do I need to generate one more Server Public-Private Key

Pair and Client Public-Private Key Pair?

b. If yes then Server will be Receiver File System and Client

will be again XI.?

c. Do I need to folllow again Pg 38 and Pg 39.?

Pls suggest

Edited by: Henry A on Mar 2, 2008 4:10 PM

Edited by: Henry A on Mar 2, 2008 4:11 PM

Former Member
‎03-02-2008 3:18 PM
0 Kudos

Hi,

The both communications are reliable but its always preferrable to go for SSL as just specific data will be encrypted instead of whole network. If the frequency of transactions is more then its good to go for SSH else go of SSL.

Its surprising, Can you see the any of Kystore values in Visual Admin.

If just your Key stored value installed one is missing then you might have missed up any of the step.

For exporting the key to file you could even directly copy and paste it in notepad to save it with extension .p12

Thanks

Swarup

Former Member
‎03-02-2008 3:32 PM
0 Kudos

Hi Swaup,

I think so you did not get me.

You suggested for File -- XI:

a. Server Public-Private Key Pair --- Sender File System will be Server

b. Client Public-Private Key Pair --- XI will be Client

c. This will be created in in XI Visual Admin

--- Am I correct?

Pls open link

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4...

*Ques*

a. Pg -- 38 Export of the generated Private Key to file?

*Do I need to export Client (XI) Private Key to Sender File System.*

b. Pg -- 39 Import of the Private Key to the browser ?

Do I need to import Client (XI) Private Key to Sender File System

c. Pls explain step in Pg -40

Similarly for XI --- File

Ques

a. Do I need to generate one more Server Public-Private Key

Pair and Client Public-Private Key Pair in XI Visual Admin.?

b. If yes then Server will be Receiver File System and Client

will be again XI.?

c. Do I need to folllow again Pg 38 ,Pg 39 and Pg -40?

Pls corrcet me if I am wrong.

Thanks

Former Member
‎03-02-2008 3:55 PM
0 Kudos

Hi,

Yes you are right.

The configurations mentioned on Page 38 to 40 are to setup in XI then import to the local PC in Internet explorer.

You could install these keys to the FTP server if the FTP server is on the local PC and have configured with IIS feature of Windows then the mentioned steps are right. If the FTP server is different then based on the fTP host you need to import these keys.

You need to import these on the client side as 1st it will be on server side and client will send the request to server and verification will be as per srver CAs.

Thanks

Swarup

Former Member
‎03-02-2008 4:04 PM
0 Kudos

For File --- XI Case

Client will be --- XI

Server will be --- File Sender System which has FTP server installed (different system)

Question

a. Pg -- 38 Export of the generated Private Key to file?

Do I need to export Client (XI) Private Key to (Server) Sender File System

where my FTP server is installed?

b. Pg -- 39 Import of the Private Key to the browser ?

Do I need to import Client (XI) Private Key to (Server) Sender File System

where my FTP server is installed ?.

c. Pls explain step in Pg -40

Similarly for XI --- File Case

Client will be --- XI

Server will be --- File Receiver System which has FTP server installed (different system)

Question

a. Do I need to generate one more Server Public-Private Key

Pair and Client Public-Private Key Pair in XI Visual Admin.?

b. If yes then Server will be Receiver File System and Client

will be again XI.?

c. Do I need to folllow again Pg 38 ,Pg 39 and Pg -40?

Edited by: Henry A on Mar 2, 2008 5:13 PM

Former Member
‎03-02-2008 4:19 PM
0 Kudos

HI Henry A ,

Don't get confuse with the installation of public -private Keys on client as well as server side.

Lets consider File to XI communication,

Here your Sender FTP system is to be configured for FTPS connectivity. It means you will be mainatining the Public and Private keys in Sender. Same Keys have to be installed on XI side.

If in case its not configured then you could use the Keys avaialble in XI on the sender side also.

But in File to XI.....It depends how you will be trating it either File as server or XI as client.

Generally File to XI scenario comes with keys to be installed in XI as client.

You could use the same keys on XI to File communication also.

Now I think its clear to you. The bottom line is for validation between two systems you need to maintain Trust relationship. Then setup same keys on sender and receiver side as well as in XI either as client or Server.

If this will be only file to XI to file only then I don't think you can treat XI as either server or client will not affect much.

Thanks

Swarup

Former Member
‎03-02-2008 4:32 PM
0 Kudos

Hi Swarup,

Can I continuw this discussion after 1 hour as I am going home.

I will again talk to u on this post after 1-2 hours.

Best Regards

Former Member
‎03-02-2008 7:01 PM
0 Kudos

Hi Swarup,

I am back!!

Currently consider only File to XI communication now.

The bottom line is for validation between two systems you need to maintain Trust relationship. -- ok

Suppose Sender FTP system as Server and XI as Client.

We go point by point: for this link:

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4...

1. In the visual admin of XI I will make Public and Private keys of Sender FTP system as Server.

2. In the visual admin of XI I will make Public and Private keys of Receiver XI as Client.

3.If my step 1 and step 2 are correct pls let me know

the next steps (like Export keys and import keys )

for File to XI part.

We will discuss XI to File part in next question.

I am going currently I will discuss with you tomorrow morning again.

Best Regards

Best Regards

Edited by: Henry A on Mar 2, 2008 8:25 PM

Edited by: Henry A on Mar 2, 2008 8:26 PM

Ask a Question