Configuring a protocol bridge for an FTPS server

Configure an FTPS server in much the same way as you configure an FTP server: create a bridge agent for the server, define the server properties, and map user credentials.

About this task

To configure an FTPS server, complete the following steps:

Procedure

  1. Create a protocol bridge agent for the FTPS server by using the fteCreateBridgeAgent command. The parameters that are applicable to FTP are also applicable to FTPS but there are also three required parameters specific to FTPS:
    1. The -bt parameter. Specify FTPS as the value of this parameter.
    2. The -bts parameter for the truststore file. The command assumes that only server authentication is required and you must specify the location of the truststore file.

    The explicit form of the FTPS protocol is configured by the fteCreateBridgeAgent command by default but you can configure the implicit form by changing the protocol bridge properties file. The protocol bridge always connects to FTPS servers in passive mode.

    For more information about the fteCreateBridgeAgent command, see fteCreateBridgeAgent (create and configure IBM MQ Managed File Transfer protocol bridge agent).

    If you need instructions about how to create truststore files, see the IBM® Developer article, Configuring Secure Sockets Layer connectivity in WebSphere® MQ File Transfer Edition, or see the information about keytool in the Oracle keytool documentation.

  2. Define the FTPS server properties within an <ftpsServer> element in the protocol bridge properties file: ProtocolBridgeProperties.xml. For more information, see Defining properties for protocol file servers using the ProtocolBridgeProperties.xml file. You can also enable client authentication by editing the protocol bridge properties file. For details of all the configuration options, see Protocol bridge properties file format.
  3. Map user credentials in IBM MQ Managed File Transfer to user credentials on the FTPS server either by using the default credential mapping function of the protocol bridge agent or by writing your own user exit. For more information, see Mapping credentials for a file server.
  4. By default, the truststore file is configured as having the JKS format; if you want to change the format, edit the protocol bridge properties file.

Example

An example entry for an FTPS server in the protocol bridge properties file is shown as follows:
<tns:serverProperties xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeProperties"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://wmqfte.ibm.com/ProtocolBridgeProperties
       ProtocolBridgeProperties.xsd">
    <tns:defaultServer name="ftpsserver.mycompany.com"/>

    <tns:ftpsServer name="ftpsserver.mycompany.com" host="ftpsserver.mycompany.com" port="990" platform="windows" 
       timeZone="Europe/London" locale="en_US" fileEncoding="UTF8"
       listFormat="unix" limitedWrite="false" 
       trustStore="c:\mydirec\truststore.jks"/>

    <!-- Define servers here -->
</tns:serverProperties>
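
A consistency check for entries like the one above, as an added example that is not IBM's code or part of the original page: it parses a protocol bridge properties document and reports ftpsServer entries without a trustStore, a defaultServer that names no defined server, and a mistyped xsi namespace. The audit function, its finding messages and the sample hosts are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "http://wmqfte.ibm.com/ProtocolBridgeProperties"
XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample (hypothetical hosts): ftps2 has no trustStore and
# defaultServer names a server that is never defined.
SAMPLE = r"""<tns:serverProperties xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeProperties"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://wmqfte.ibm.com/ProtocolBridgeProperties
       ProtocolBridgeProperties.xsd">
    <tns:defaultServer name="ftps0.example.com"/>
    <tns:ftpsServer name="ftps1.example.com" host="ftps1.example.com" port="990"
       platform="windows" trustStore="c:\mydirec\truststore.jks"/>
    <tns:ftpsServer name="ftps2.example.com" host="ftps2.example.com" port="990"
       platform="windows"/>
</tns:serverProperties>"""


def audit(xml_text):
    """Return a list of findings for a protocol bridge properties document."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS}}}serverProperties":
        findings.append("root element is not serverProperties in the bridge namespace")
    # A mistyped xsi namespace URI leaves schemaLocation as an unrelated attribute.
    if f"{{{XSI}}}schemaLocation" not in root.attrib:
        findings.append("xsi:schemaLocation is missing or uses the wrong xsi namespace")
    default_tag = f"{{{NS}}}defaultServer"
    # Every named child other than defaultServer counts as a defined server.
    defined = {c.get("name") for c in root if c.tag != default_tag and c.get("name")}
    for srv in root.iter(f"{{{NS}}}ftpsServer"):
        name = srv.get("name", "<unnamed>")
        if not (srv.get("trustStore") or "").strip():
            findings.append(f"{name}: ftpsServer has no trustStore attribute")
        port = srv.get("port", "")
        if port and not (port.isdigit() and 0 < int(port) < 65536):
            findings.append(f"{name}: invalid port {port!r}")
    for dflt in root.iter(default_tag):
        if dflt.get("name") not in defined:
            findings.append(f"defaultServer {dflt.get('name')!r} is not a defined server")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Running the check against the properties file before starting the bridge agent surfaces a missing truststore reference at review time rather than at the first transfer.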

What to do next

For information about which parts of the FTPS protocol are supported and which are not supported, see FTPS server support by the protocol bridge.