[[[start#iseries_positive_pay | Up To Main Index]]]

====== Using FTPS (FTP with SSL) with Positive Pay ======

[[ http://en.wikipedia.org/wiki/Ftps | FTPS ]] is now supported in Positive Pay, with the beta release in September 2009.

===== Pre-Requisites =====

You must have a functional, fully patched copy of the IBM Digital Certificate Manager installed: **5722SS1 34 Digital Certificate Manager**. Your system should have the latest IBM [[http://www-933.ibm.com/support/fixcentral/ | cumulative PTF package]] for your current i5/OS release installed.

===== Obtaining a Certificate =====

Obtain a certificate from the bank or financial institution to which you wish to connect via FTPS. You must obtain the certificate in .pem or .der format or convert it. Below is an example of a .pem format certificate (the example is not a valid certificate):
-----BEGIN CERTIFICATE-----
MIIDnDCCAwWgAwIBAgIJAKmQE6Ml94whMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD
VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEgMB4G
A1UEChMXU2FsZW0gU29mdHdhcmUgU2VydmljZXMxGDAWBgNVBAMTD2Z0cC5keW9r
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCjFZO3HhRNlmSeQojX6ZC3
vzNVhDw3vFWsK8bf9aQgl5ooJqRYB1G8RPOKVdmPBoJ0ktYr4D3tm7rxRZ5ewO5m
mWyIb4yv7Qvl6lk6G7SFugzxY2FGQ29obEEj/b/Y/pZFcIrciUJ5VnE1+l+uTBl9
dUUG0mFydfTYE3Z0WMoFQQ==
-----END CERTIFICATE-----
If the certificate is not in .pem or .der format, use the [[http://www.openssl.org/ | OpenSSL package]] (a free internet download) to convert it.

===== Installing the Certificate =====

The **Digital Certificate Manager** is accessed through the administration instance of the web server. If it is not already started, you may start it with the command:

**STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)**

Then point a browser at http://:2001/, which is port 2001 on your i5 server. It may take a few minutes for the web server instance to initialize.

==== Import the Certificate ====

  * From the main page select the option for the **Digital Certificate Manager**.
  * Select the ***SYSTEM** certificate store.
  * Under **Manage Certificates**, select the option to **Import Certificate**.
  * Specify **Certificate Authority (CA).**
  * Specify the **full path name** of the text file in the IFS containing the pem format certificate.
  * Specify a **label** for the certificate. This will be the "name" of the Certificate Authority.
  * The certificate should now show as imported. The View Certificate function in the left pane should show the certificate as enabled and display the correct information contained in the certificate.

==== Configure FTP Client to Use the Certificate ====

  * From the left pane, under **Manage Applications**, select **Define CA Trust List**.
  * Specify **Client**.
  * Specify **i5/OS TCP/IP FTP Client**.
  * Specify the Certificate Authority created in the prior step (the certificate label).
  * The Define CA Trust List page should show that the FTP client trust list was updated.
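Added example (not part of the original page): the OpenSSL conversion mentioned under Obtaining a Certificate, plus the subject, issuer, validity dates and SHA-256 fingerprint to confirm with the bank before the file is imported as a trusted CA. The file names and the ''ftps.bank.example'' name are placeholders, and the sample certificate is a throwaway self-signed one that the script generates itself.

```shell
#!/bin/sh
# Added example: file names and the CN are placeholders; needs the openssl CLI.
set -eu

# to_pem IN OUT: write the certificate(s) found in IN to OUT as plain PEM.
to_pem() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        openssl x509 -in "$1" -out "$2"                # already PEM: re-emit cleanly
    elif grep -q -e '-----BEGIN PKCS7-----' "$1"; then
        # PKCS#7 bundle (.p7b): -print_certs adds subject/issuer text lines,
        # so keep only the certificate blocks.
        openssl pkcs7 -in "$1" -print_certs |
            sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > "$2"
    else
        openssl x509 -inform DER -in "$1" -out "$2"    # binary .der / .cer
    fi
}

# sha256_fp PEM: SHA-256 fingerprint of the first certificate in PEM.
sha256_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# describe PEM: the fields to confirm with the bank before trusting the file.
describe() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# make_sample DIR: constructed throwaway self-signed certificate, written as
# PEM, DER and PKCS#7 so each branch of to_pem can be exercised offline.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=ftps.bank.example' \
        -keyout "$1/key.pem" -out "$1/bank.pem" 2>/dev/null
    openssl x509 -in "$1/bank.pem" -outform DER -out "$1/bank.der"
    openssl crl2pkcs7 -nocrl -certfile "$1/bank.pem" -out "$1/bank.p7b"
}

demo() {
    d=$(mktemp -d)
    make_sample "$d"
    for f in bank.pem bank.der bank.p7b; do
        to_pem "$d/$f" "$d/$f.out"
        echo "$f -> $(sha256_fp "$d/$f.out")"
    done
    describe "$d/bank.der.out"
    rm -rf "$d"
}
demo
```

All three encodings must yield the same fingerprint; that value, checked against one the bank supplies through a separate channel, is what justifies adding the certificate to the FTP client trust list.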

At this point you should be able to manually connect from the i5's ftp client to the bank's ftp server with a secure connection. When finished, end the *ADMIN instance of the web server:

**ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)**

===== Configuring Positive Pay for FTPS =====

To configure FTPS for Positive Pay, take **1. Work with Positive Pay Applications** and select the application in question with option 1. From the main application screen take **F8=Configure FTP**

                                                                    
                            Configure FTP                           
                                                                    
        Use FTP  . .: Y   Y=Yes N=No S=FTPS                         
                                                                    
        Domain. . . : ftp.informdecisions.com                               
        User Name . : myuserprofile                                 
        Password. . :                                               
        Confirm . . :                                               
                                                                    
        Target Path : /                                             
        Target File : posPay.txt                                    
                                                                    
        Port:         *DFT        *SECURE *DFT 1-65535              
        Encryption .: *NONE       *SSL *NONE                        
        FTP Mode . .: *PASSIVE    *ACTIVE *PASSIVE                  
                                                                    
   F1=Help   F12=Previous  F23=Delete                               
                                                                    
                                                                    
  * Use FTP: Enter Y to use **unencrypted FTP**, S to use **FTPS**, and N to disable the FTP definition (enables modem transmission).
  * Domain: Enter the ftp url provided by the bank. This can be an IP address.
  * User Name: Enter the login name provided by the bank.
  * Password: Enter the login password provided by the bank.
  * Target Path: Enter the target path on the remote system. If the bank does not specify a remote directory, leave blank. You can always specify '.' (without the apostrophes) to change directory to the current directory.
  * Target File: Enter the name you wish for the uploaded file. You have to name the file something even if the bank does not require a specific name.
  * Port: Specify the remote port: ***DFT** for the default for the FTP mode in use (21 for unencrypted ftp, 990 for FTPS), ***SECURE** to specify the SSL port, or enter a port number. ***DFT** will normally be the correct entry.
  * Encryption: Enter ***SSL** or ***NONE**.
  * [[http://en.wikipedia.org/wiki/File_Transfer_Protocol#Connection_methods | FTP Mode]]: Specify ***PASSIVE** for passive FTP or ***ACTIVE** for active FTP. If not instructed by the bank, use ***PASSIVE** for easier transit through firewalls.

===== Using FTPS =====

==== Extracting Data ====

You must separately extract information before transmitting. Use the **EXTRACT** command. This can be made a scheduled job; see the **WRKJOBSCDE** display.

==== Data Report ====

To print the contents of the file use the command **REPORT**. This should be run after the **EXTRACT** command. The REPORT command can be run with the defaults, in which case it will print the transmission / reception file fields in the order in which they occur in the file with minimal spacing between report columns. You can fix the column order and column starting position of the fields by specifying the report column starting positions in the command invocation. For example:
                      Print Pos Pay Trans File Rpt (REPORT)                     
                                                                                
 Type choices, press Enter.                                                     
                                                                                
 Positive Pay Definition  . . . .   mybanktrx     Character value               
 ID Print Column  . . . . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Acct Print Column  . . . . . . .   1             *DEFAULT *OMIT INTEGER        
 Ck Nbr Print Column  . . . . . .   20            *DEFAULT *OMIT INTEGER        
 Paid Date Print Column . . . . .   40            *DEFAULT *OMIT INTEGER        
 Amt Print Column . . . . . . . .   60            *DEFAULT *OMIT INTEGER        
 Stop Date Print Column . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Cleared Date Print Column  . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Payee Print Column . . . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Void ID Print Column . . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Void Date Print Column . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Void Ck Nbr Print Column . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Void Amt Print Column  . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Void Paid Date Print Column  . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Void Payee Print Column  . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 Trx Count Print Column . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
One should specify the column print location of all fields in the file or none. To determine which fields are in the file, consult the Positive Pay bank transmission file specification, option 1 from menu FMGPAY.

==== Transmitting Data ====

From the Positive Pay Application Definition list take option 9 on the definition you wish to transmit. You can also use the command **TRANSMIT**. This can be made a scheduled job. The conversation with the remote server is put into the job log.