FTPS is now supported in Positive Pay, with the beta release in September 2009.
You must have a functional, fully patched copy of the IBM Digital Certificate Manager installed: 5722SS1 34 Digital Certificate Manager.
Your system should have the latest IBM cumulative PTF package for your current i5/OS release installed.
Obtain a certificate from the bank or finanial institution to which you wish to connect via FTPS. You must obtain the certificate in .pem or .der format or convert it. Below is an example of a .pem format certificate (the example is not a valid certificate):
-----BEGIN CERTIFICATE----- MIIDnDCCAwWgAwIBAgIJAKmQE6Ml94whMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEgMB4G A1UEChMXU2FsZW0gU29mdHdhcmUgU2VydmljZXMxGDAWBgNVBAMTD2Z0cC5keW9r DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCjFZO3HhRNlmSeQojX6ZC3 vzNVhDw3vFWsK8bf9aQgl5ooJqRYB1G8RPOKVdmPBoJ0ktYr4D3tm7rxRZ5ewO5m mWyIb4yv7Qvl6lk6G7SFugzxY2FGQ29obEEj/b/Y/pZFcIrciUJ5VnE1+l+uTBl9 dUUG0mFydfTYE3Z0WMoFQQ== -----END CERTIFICATE-----
If the certificate is not in .pem or .der format use the OpenSSL package (a free internet download) to convert.
The Digital Certificate Manager is accessed throught the administration instance of the web server. If it is not already started you may start it with the command:
STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
Then point a browser at http:<i5 IP>:2001/, which is port 2001 on your i5 server. It may take a few minutes for the web server instance to initialize.
==== Import the Certificate ====
* From the main page select the option for the Digital Certificate Manager.
* Select the *SYSTEM certificate store.
* Under Manage Certificates, select the option to Import Certificate.
* Specify Certificate Authority (CA).
* Specify the full path name of the text file in the IFS containing the pem format certificate.
* Specify a label for the certificate. This will be the “name” of the Certificate Authority.
* The certificate should now show as imported, and the View Certificate function from the left pane should show the certificate as enabled, and should allow the display of correct information contained in the certificate.
==== Configure FTP Client to Use the Certificate ====
* From the left pane, under Manage Applications, select Define CA Trust List.
* Specify Client.
* Specify i5/OS TCP/IP FTP Client.
* Specify the Certificate Authority created in the prior step (the certificate label).
* The Define CA Trust List page should show that the FTP client trust list was updated.
At this point you should be able to manually connect from the i5's ftp client to the bank's ftp server with a secure connection.
When finished end the *ADMIN instance of the web server: ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
===== Configuring Positive Pay for FTPS =====
To configure FTPS for Positive Pay, take
1. Work with Positive Pay Applications
and select the application in question with option 1. From the main application screen take
F8=Configure FTP
Configure FTP
Use FTP . .: Y Y=Yes N=No S=FTPS
Domain. . . : ftp.informdecisions.com
User Name . : myuserprofile
Password. . :
Confirm . . :
Target Path : /
Target File : posPay.txt
Port: *DFT *SECURE *DFT 1-65535
Encryption .: *NONE *SSL *NONE
FTP Mode . .: *PASSIVE *ACTIVE *PASSIVE
F1=Help F12=Previous F23=Delete
* Use FTP: Enter Y to use unencrypted FTP, S to use FTPS, and N to disable the FTP definition (enables modem transmission).
* Domain: Enter the ftp url provided by the bank. This can be an IP address.
* User Name: Enter the login name provided by the bank.
* Password: Enter the login password provided by the bank.
* Target Path: Enter the target path on the remote system. If the bank does not specify a remote directory leave blank.You can always specify '.' (without the apostrophes) to change directory to the current directory.
* Target File: Enter the name you wish for the uploaded file. You have to name the file something even if the bank does not require a specific name.
* Port: Specify the remote port: *DFT for the default for the FTP mode in use (21 for unencrypted ftp, 990 for FTPS), *SECURE to specify the SSL port, or enter a port number. *DFT will normally be the correct entry.
* Encryption: Enter *SSL or *NONE.
* FTP Mode: Specify *PASSIVE for passive FTP or *ACTIVE for active FTP. If not instructed by the bank use *PASSIVE for easier transit through firewalls.
===== Using FTPS =====
==== Extracting Data ====
You must separately extract information before transmitting. Use the EXTRACT command. This can be made a scheduled job; see the WRKJOBSCDE display.
==== Data Report ====
To print the contents of the file use the command REPORT. This should be run after the EXTRACT command.
The REPORT command can be run with the defaults, in which case it will print the transmission / reception
file fields in the order in which they occur in the file with minimal spacing between report columns.
You can fix the column order and column starting position of the fields by specifying the report column
starting positions in the command invocation.
For example:
Print Pos Pay Trans File Rpt (REPORT)
Type choices, press Enter.
Positive Pay Definition . . . . mybanktrx Character value
ID Print Column . . . . . . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Acct Print Column . . . . . . . 1 *DEFAULT *OMIT INTEGER
Ck Nbr Print Column . . . . . . 20 *DEFAULT *OMIT INTEGER
Paid Date Print Column . . . . . 40 *DEFAULT *OMIT INTEGER
Amt Print Column . . . . . . . . 60 *DEFAULT *OMIT INTEGER
Stop Date Print Column . . . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Cleared Date Print Column . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Payee Print Column . . . . . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Void ID Print Column . . . . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Void Date Print Column . . . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Void Ck Nbr Print Column . . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Void Amt Print Column . . . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Void Paid Date Print Column . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Void Payee Print Column . . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
Trx Count Print Column . . . . . '*DEFAULT' *DEFAULT *OMIT INTEGER
One should specify the column print location of all fields in the file or none. Remember that to determine which fields are in the file consult the Positive Pay bank transmission file specification, option 1 from menu FMGPAY.
==== Transmitting Data ====
From the Positive Pay Application Definition list take option 9 on the definition you wish to transmit. You can also use the command TRANSMIT. This can be made a scheduled job. The conversation with the remote server is put into the job log.
—-
[ Up To Main Index]