Scenario: Securing File Transfer Protocol with Secure Sockets Layer
The scenario shows how to transfer data to your partner company by using Secure Sockets Layer (SSL). With SSL, the File Transfer Protocol (FTP) client and server on IBM® i platforms can communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.
Situation
Suppose that you work for MyCo, a company that researches startup companies and sells the research to companies in the investment planning industry. One such company, TheirCo, needs the services that MyCo provides, and would like to receive research reports through FTP. MyCo always ensures the privacy and security of the data it distributes to its customers, whatever the format. In this case, MyCo needs SSL-secured FTP sessions with TheirCo.
Objectives
The following items are your objectives in this scenario:
- Create and operate a local certificate authority (CA) on the MyCo system.
- Enable SSL for MyCo's FTP server.
- Export a copy of MyCo's local CA certificate to a file.
- Create an *SYSTEM certificate store on TheirCo's system.
- Import MyCo's local CA certificate into TheirCo's *SYSTEM certificate store.
- Specify MyCo's local CA as a trusted CA for TheirCo's FTP client.
Prerequisites
MyCo
- An IBM i product is running the IBM i operating system.
- The IBM TCP/IP Connectivity Utilities for IBM i (5770-TC1) is installed on the system.
- The IBM Digital Certificate Manager (DCM) (5770-SS1 option 34) is installed on the system.
- The IBM HTTP Server (5770-DG1) is installed on the system.
- The system uses certificates to protect access to public applications and resources.
TheirCo
- An IBM i product is running the IBM i operating system.
- The TCP/IP Connectivity Utilities for i5/OS (5770-TC1) is installed on the system.
- The IBM Digital Certificate Manager (5770-SS1 option 34) is installed on the system.
- The IBM HTTP Server (5770-DG1) is installed on the system.
- The system uses an IBM i operating system with a TCP/IP FTP client for FTP sessions.
Details
TheirCo uses an i5/OS operating system with an FTP client to request a secure FTP file transfer from MyCo's FTP server. The server is authenticated. TheirCo receives financial reports from MyCo by using an SSL-secured FTP session.
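The trust relationship behind the objectives above, as an added example that is not part of the original scenario: it uses the openssl command line as a stand-in for DCM to show that TheirCo's client needs only MyCo's exported CA certificate to authenticate the server, and that a certificate for the same host name from any other CA is rejected. The CA names, the host name ftp.myco.example and all file names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed illustration with the openssl CLI; on IBM i these steps are done in DCM.
# All names (MyCo Local CA, ftp.myco.example, file names) are hypothetical.

# Create a self-signed local CA: ca.key stays on the CA's system, ca.crt is what gets exported.
make_ca() {  # $1 = directory, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a server certificate signed by the CA that lives in directory $1.
issue_server_cert() {  # $1 = CA directory, $2 = server host name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/server.crt" 2>/dev/null
}

# Client-side decision: does the presented certificate chain to a CA in the trust store?
client_trusts() {  # $1 = trust store (PEM file of trusted CAs), $2 = server certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
mkdir "$work/myco" "$work/other" "$work/theirco"
make_ca "$work/myco" "MyCo Local CA" && issue_server_cert "$work/myco" "ftp.myco.example"
make_ca "$work/other" "Unrelated CA" && issue_server_cert "$work/other" "ftp.myco.example"

# Export and import: only the CA certificate crosses to TheirCo, never ca.key.
cp "$work/myco/ca.crt" "$work/theirco/truststore.pem"

client_trusts "$work/theirco/truststore.pem" "$work/myco/server.crt" \
  && echo "MyCo server certificate: trusted"
client_trusts "$work/theirco/truststore.pem" "$work/other/server.crt" \
  || echo "Same host name, different CA: rejected"
```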