Scenario: Secure File Transfer Protocol with Secure Sockets Layer

Use Secure Sockets Layer (SSL) to secure data being transferred to your partner company.

Situation

Suppose that you work for MyCo, a company that researches startup companies and sells the research to companies in the investment planning industry. One such company, TheirCo, needs the services that MyCo provides, and would like to receive research reports through File Transfer Protocol (FTP). MyCo has always ensured the privacy and security of the data it disperses to its customers--whatever the format. In this case, MyCo needs SSL-secured FTP sessions with TheirCo.

Objectives

The following items are your objectives in this scenario:

Create and operate a local Certificate Authority on the MyCo iSeries™ server
Enable SSL for MyCo's FTP server
Export a copy of MyCo's local CA certificate to a file
Create a *SYSTEM certificate store on TheirCo's server
Import MyCo's local CA certificate into TheirCo's *SYSTEM certificate store
Specify MyCo's local CA as a trusted CA for TheirCo's FTP client

Prerequisites

MyCo

Has an iSeries server that is running on OS/400^® V5R1 or later of i5/OS™ operating system.
Has the V5R1 or later TCP/IP Connectivity Utilities (5722-TC1) installed on the iSeries server.
Has the Cryptographic Access Provider 128-bit for iSeries server (5722-AC3) installed on their iSeries server.
Has the IBM^® Digital Certificate Manager (DCM) (5722-SS1 option 34) installed on the iSeries server.
Has the IBM HTTP Server (5722-DG1) installed on the iSeries server.
Uses certificates to protect access to public applications and resources.

TheirCo

Has an iSeries server that is running OS/400 V5R2 or later of the operating system.
Has the V5R2 TCP/IP Connectivity Utilities (5722-TC1) installed on the iSeries server.
Has the Cryptographic Access Provider 128-bit for iSeries server (5722-AC3) installed on their iSeries server.
Has the IBM Digital Certificate Manager (5722-SS1 option 34) installed on the iSeries server.
Has the IBM HTTP Server (5722-DG1) installed on the iSeries server.
Uses an i5/OS operating system with a TCP/IP FTP client for FTP sessions.

Details

TheirCo uses an i5/OS operating system with a FTP client to request a secure FTP file transfer from MyCo's FTP server. The server is authenticated. TheirCo receives financial reports from MyCo by using an SSL-secured FTP session.