FTP and FTPS

FTP connections of the File/FTP adapter can be secured by using FTPS, which is FTP over SSL/TLS. The File/FTP adapter acts as an SSL/TLS client to the FTP server both in sender and receiver channels.

As in the case of HTTP and SSL, you first have to technically enable FTPS in the corresponding J2EE Engine by installing the appropriate libraries and certificates as described under HTTP and SSL. Then, you configure the actual certificates of the J2EE keystore used for the FTPS connection in the respective File/FTP sender and receiver channels in the Integration Directory.

Both FTP and FTPS use two TCP/IP ports, one fixed control port, and one dynamically chosen data port. For security reasons, only passive FTP is supported at the moment, where the connection is established from the client to the server, and the data port is chosen by the FTP server.

Therefore, when transmitting FTP through a firewall at the server site, this mechanism has to be taken into consideration. Even if the firewall is “FTP-aware” and able to open the respective data port dynamically, with FTPS, it might be difficult for the firewall to determine this port, because the control connection is already encrypted at the time the data port is negotiated.