uCosminexus Service Platform, Reception and Adapter Definition Guide


Appendix H.1 Secure connection using FTPS (FTP adapter)

The FTP adapter supports FTPS (File Transfer Protocol over SSL/TLS) for connections to FTP servers. Using FTPS ensures that the user name and password required for authentication are encrypted, making it less likely that this information is intercepted by third parties.

Organization of this subsection
(1) Settings related to FTPS
(2) Settings related to keystores

(1) Settings related to FTPS

The following describes the settings that relate to the FTPS protocol. You can apply these settings to an FTP adapter by specifying them in a request message or in the FTP-adapter runtime-environment property file. If the same setting is specified in a request message and the FTP-adapter runtime-environment property file, the setting in the request message has priority.

Table H-1 FTP-related settings

Item
    Description

Whether to use FTPS
    Set whether to use standard FTP or FTPS for connections with the FTP server. By default, the system uses standard FTP.

Protocol used for secure communication
    Select one of the following as the protocol for secure communication:
      • SSL
      • TLS

Whether to use Implicit mode for FTPS connections
    Select one of the following:
      • Implicit mode
        Communication is encrypted as soon as the connection is established with the FTP server.
      • Explicit mode
        After connecting to the FTP server, communication is encrypted from the point when an AUTH command is executed on the FTP client.
    In each mode, a different port number is used for the control connection on the FTP server. For this reason, you need to change the control connection port number of the connection destination FTP server when you change the mode.

Whether to encrypt communication over data connections
    Set whether to encrypt communication over data connections when using FTPS for connections with the FTP server.

Whether to perform server authentication
    Select one of the following:
      • Perform server authentication
        The system checks whether the public key certificate of the connection destination FTP server can be trusted, and only proceeds if the certificate can be trusted.
      • Do not perform server authentication
        The system performs the requested processing without checking whether the public key certificate of the connection destination FTP server can be trusted.

For details on the items that can be set in a request message, see 3.3.10(1)(a) Request message format for FTP adapters. For details on the items you can set in the FTP-adapter runtime-environment property file, see FTP Adapter Execution Environment Property file in the manual Service Platform Reference Guide.

Note
The FTP adapter cannot connect to an FTPS server that requires client authentication.

(2) Settings related to keystores

When FTPS is used, if you use an FTP adapter to authenticate servers, a keystore (truststore) that contains trusted server certificates is required.

The truststore must contain one of the following certificates:

For details on how to import certificates to a keystore, see the section related to keytool in the JDK documentation.

The following describes how to specify the settings related to keystore paths and passwords.

Keystore path
When authenticating a server, the FTP adapter searches keystores in the following order, and then authenticates the server by using the truststore that is found first:
  1. If the javax.net.ssl.trustStore property is specified in usrconf.properties (user property file for J2EE servers), the keystore that exists in the path specified in this system property is used.
  2. If a file exists in the following path, the file is used as a keystore:
    service-platform-installation-directory\jdk\jre\lib\security\jssecacerts
  3. If a file exists in the following path, the file is used as a keystore:
    service-platform-installation-directory\jdk\jre\lib\security\cacerts
If a keystore is not found in the above locations, the server is determined to be untrusted.

Keystore password
If the keystore password is specified in the javax.net.ssl.trustStorePassword property of usrconf.properties (user property file for J2EE servers), the integrity of the keystore data is checked before the keystore is used.
If the javax.net.ssl.trustStorePassword property is not specified, the keystore data is not verified.
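
The search order and the password behaviour described above can be checked before deployment with a small script. The following Python code is an added example, not part of the product or of this manual; the function names `parse_properties` and `resolve_truststore` are chosen for this example, the property parser is simplified, and the script assumes that a configured javax.net.ssl.trustStore path with no file falls through to the next location, which the manual does not state explicitly.

```python
import re
import tempfile
from pathlib import Path

TRUSTSTORE_KEY = "javax.net.ssl.trustStore"
PASSWORD_KEY = "javax.net.ssl.trustStorePassword"

def parse_properties(text):
    # Simplified Java .properties reader: key=value or key:value lines,
    # '#' and '!' comments, doubled backslashes unescaped. No line continuations.
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return props

def resolve_truststore(usrconf_text, install_dir):
    # Returns (chosen truststore path or None, list of findings).
    props = parse_properties(usrconf_text)
    security = Path(install_dir, "jdk", "jre", "lib", "security")
    configured = props.get(TRUSTSTORE_KEY)
    # Search order from the page: system property, jssecacerts, cacerts.
    candidates = ([Path(configured)] if configured else []) + [
        security / "jssecacerts", security / "cacerts"]
    chosen = next((p for p in candidates if p.is_file()), None)
    findings = []
    if configured and chosen != Path(configured):
        # Assumption: a configured path with no file falls through to the next location.
        findings.append(f"{TRUSTSTORE_KEY} is set but no file exists at {configured}")
    if chosen is None:
        findings.append("no truststore found: the server is determined to be untrusted")
    elif not props.get(PASSWORD_KEY):
        findings.append(f"{PASSWORD_KEY} is not set: keystore data is not verified")
    return chosen, findings

if __name__ == "__main__":
    # Constructed layout: only the bundled cacerts exists, no password configured.
    with tempfile.TemporaryDirectory() as install_dir:
        security = Path(install_dir, "jdk", "jre", "lib", "security")
        security.mkdir(parents=True)
        (security / "cacerts").write_bytes(b"constructed placeholder")
        usrconf = "# constructed usrconf.properties\nconstructed.sample.key=1\n"
        chosen, findings = resolve_truststore(usrconf, install_dir)
        print("truststore:", chosen)
        for finding in findings:
            print("finding:", finding)
```

Run it against the real usrconf.properties text and the Service Platform installation directory to see which truststore server authentication would rely on.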

For details on usrconf.properties (user property file for J2EE servers), see 2.4 usrconf.properties (User property file for J2EE servers) in the manual uCosminexus Application Server Definition Reference Guide.