Use Secure Sockets Layer to secure the File Transfer Protocol server

With Secure Sockets Layer (SSL) you can eliminate the exposure of transmitting passwords and data in the clear when using the i5/OS™ File Transfer Protocol (FTP) server with an FTP client that also uses SSL.

The FTP server provides enhanced security while sending and receiving files over a untrusted network. FTP server uses SSL to secure passwords and other sensitive data during an information exchange. The FTP server supports either SSL or TLS protected sessions, including client authentication and automatic sign-on.

Most SSL-enabled applications connect a client to separate TCP ports, one port for "unprotected" sessions and the other for secure sessions. However, secure FTP is a bit more flexible. A client can connect to a non-encrypted TCP port (typically TCP port 21), and then negotiate authentication and encryption options. A client can also choose a secure FTP port (typically TCP port 990), where connections are assumed to be SSL. The iSeries™ FTP server provides for both of these options.

Before you can configure the FTP server to use SSL, you must have installed the prerequisite programs and set up digital certificates on your iSeries.

Note: Create a local Certificate Authority or use DCM to configure the FTP server to use a public certificate for SSL.
  1. Create a local Certificate Authority
    You can use the IBM® Digital Certificate Manager (DCM) to create and operate a local Certificate Authority (CA) on your iSeries server. A local CA enables you to issue private certificates for applications that run on your iSeries server.
  2. Associate a certificate with the File Transfer Protocol server
    Perform this task if you did not assign a certificate to the File Transfer Protocol (FTP) server application during the creation of the local Certificate Authority (CA), or if you have configured your system to request a certificate from a public CA.
  3. Require client authentication for the File Transfer Protocol server
    If you need the File Transfer Protocol (FTP) server to authenticate clients, you can change the application specifications in IBM® Digital Certificate Manager (DCM). This step is optional.
  4. Enable Secure Socket Layer on the File Transfer Protocol server
    In order to use Secure Socket Layer (SSL) to secure your File Transfer Protocol (FTP) server, you need to complete the configuration steps first.
Parent topic: Secure File Transfer Protocol
Related concepts
Secure Sockets Layer (SSL)
SSL concepts
Prerequisite programs
Secure the FTP client with Transport Layer Security or Secure Socket Layer
Related tasks
Set up digital certificates
Use a public certificate