Configure a protocol bridge for an FTPS server

Configure an FTPS server in a similar way as you configure an FTP server: create a bridge agent for the server, define the server properties, and map user credentials.

About this task

To configure an FTPS server, complete the following steps:

Procedure

1. Create a protocol bridge agent for the FTPS server by using the fteCreateBridgeAgent command. The parameters that are applicable to FTP are also applicable to FTPS but there are also three required parameters specific to FTPS:
   1. The -bt parameter. Specify FTPS as the value of this parameter.
   2. The -bts parameter for the truststore file. The command assumes that only server authentication is required and we must specify the location of the truststore file.

   The explicit form of the FTPS protocol is configured by the fteCreateBridgeAgent command by default but we can configure the implicit form by changing the protocol bridge properties file. The protocol bridge always connects to FTPS servers in passive mode.

   For more information about the fteCreateBridgeAgent command, see fteCreateBridgeAgent (create and configure an MFT protocol bridge agent).

   If we need instructions about how to create truststore files, see the IBM Developer article, Configure Secure Sockets Layer connectivity in IBM WebSphere MQ File Transfer Edition, or see the information about the keytool at the Oracle keytool documentation.

   Note: IBM WebSphere MQ File Transfer Edition (FTE) is no longer a supported product. To migrate from FTE to the Managed File Transfer component in IBM MQ, see Migrating Managed File Transfer.
2. Define the FTPS server properties within an <ftpsServer> element in the protocol bridge properties file: ProtocolBridgeProperties.xml. For more information, see Defining properties for protocol file servers using the ProtocolBridgeProperties.xml file. We can also enable client authentication by editing the protocol bridge properties file. For details of all the configuration options, see Protocol bridge properties file format.
3. Map user credentials in Managed File Transfer to user credentials on the FTPS server either by using the default credential mapping function of the protocol bridge agent or by writing your own user exit. For more information, see Mapping credentials for a file server.
4. By default, the truststore file is configured as having the JKS format; if we want to change the format, edit the protocol bridge properties file.

Example

An example entry for an FTPS server in the protocol bridge properties file is shown as follows:

<tns:serverProperties xmlns:tns="http://wmqfte.ibm.com/ProtocolBridgeProperties"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://wmqfte.ibm.com/ProtocolBridgeProperties
       ProtocolBridgeProperties.xsd">
    <tns:defaultServer name="ftpsserver.mycompany.com" />

    <tns:ftpsServer name="ftpsserver.mycompany.com" host="ftpsserver.mycompany.com" port="990" platform="windows" 
       timeZone="Europe/London" locale="en_US" fileEncoding="UTF8"
       listFormat="unix" limitedWrite="false" 
       trustStore="c:\mydirec\truststore.jks" />

    <!-- Define servers here -->
</tns:serverProperties>

What to do next

For information about the parts of the FTPS protocol that are supported and, which are not supported, see FTPS server support by the protocol bridge.

Parent topic: The protocol bridge

Related concepts

• The protocol bridge

Related tasks

• Mapping credentials for a file server by using the ProtocolBridgeCredentials.xml file
• Defining properties for protocol file servers using the ProtocolBridgeProperties.xml file

Related information

• fteCreateBridgeAgent (create and configure an MFT protocol bridge agent)
• Protocol bridge credentials file format
• Protocol bridge properties file format
• FTPS server support by the protocol bridge