inFORM Decisions Information Portal

User Tools

Site Tools

Trace:
pub:pospayftps

Differences

This shows you the differences between two versions of the page.


pub:pospayftps [2022/06/25 17:02] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +<html>&#091;</html>[[start#iseries_positive_pay | Up To Main Index]]<html>&#093;</html>
 +
 +====== Using FTPS (FTP with SSL) with Positive Pay ======
 +
 +[[ http://en.wikipedia.org/wiki/Ftps | FTPS ]] is now supported in Positive Pay, with the beta release in September 2009.
 +
 +
 +===== Pre-Requisites =====
 +
 +You must have a functional, fully patched copy of the IBM Digital Certificate Manager installed:
 +**5722SS1 34 Digital Certificate Manager**. 
 +
 +Your system should have the latest IBM [[http://www-933.ibm.com/support/fixcentral/ | cumulative PTF package]] for your current i5/OS release installed.
 +
 +
 +
 +
 +
 +===== Obtaining a Certificate =====
 +
 +Obtain a certificate from the bank or finanial institution to which you wish to connect via FTPS.
 +You must obtain the certificate in .pem or .der format or convert it. Below is an example
 +of a .pem format certificate (the example is not a valid certificate):
 +
 +<html><pre>
 +-----BEGIN CERTIFICATE-----
 +MIIDnDCCAwWgAwIBAgIJAKmQE6Ml94whMA0GCSqGSIb3DQEBBQUAMIGRMQswCQYD
 +VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEgMB4G
 +A1UEChMXU2FsZW0gU29mdHdhcmUgU2VydmljZXMxGDAWBgNVBAMTD2Z0cC5keW9r
 +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCjFZO3HhRNlmSeQojX6ZC3
 +vzNVhDw3vFWsK8bf9aQgl5ooJqRYB1G8RPOKVdmPBoJ0ktYr4D3tm7rxRZ5ewO5m
 +mWyIb4yv7Qvl6lk6G7SFugzxY2FGQ29obEEj/b/Y/pZFcIrciUJ5VnE1+l+uTBl9
 +dUUG0mFydfTYE3Z0WMoFQQ==
 +-----END CERTIFICATE-----
 +</pre></html>
 +
 +If the certificate is not in .pem or .der format use the [[http://www.openssl.org/ | OpenSSL package]] (a free internet download) to convert.
 +
 +
 +===== Installing the Certificate =====
 +
 +The **Digital Certificate Manager** is accessed throught the administration instance of the web server. If it is not already started you may start it with the command:
 +
 +**STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)**
 +
 +Then point a browser at http://<i5 IP>:2001/, which is port 2001 on your i5 server. It may take a few minutes for the web server instance to initialize.
 +
 +
 +==== Import the Certificate ====
 +
 +
 +  * From the main page select the option for the **Digital Certificate Manager**.
 +
 +  * Select the ***SYSTEM** certificate store.
 +
 +  * Under **Manage Certificates**, select the option to **Import Certificate**.
 +
 +  * Specify **Certificate Authority (CA).**
 +
 +  * Specify the **full path name** of the text file in the IFS containing the pem format certificate.
 +
 +  * Specify a **label** for the certificate. This will be the "name" of the Certificate Authority.
 +
 +  * The certificate should now show as imported, and the View Certificate function from the left pane should show the certificate as enabled, and should allow the display of correct information contained in the certificate.
 +
 +
 +
 +
 +
 +
 +
 +==== Configure FTP Client to Use the Certificate ====
 +
 +  * From the left pane, under **Manage Applications**, select **Define CA Trust List**.
 +
 +  * Specify **Client**.
 +
 +  * Specify **i5/OS TCP/IP FTP Client**.
 +
 +  * Specify the Certificate Authority created in the prior step (the certificate label).
 +
 +  * The Define CA Trust List page should show that the FTP client trust list was updated.
 +
 +<html><p></html>
 +
 +At this point you should be able to manually connect from the i5's ftp client to the bank's ftp server with a secure connection.
 +
 +When finished end the *ADMIN instance of the web server: **ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)**
 +
 +
 +
 +
 +===== Configuring Positive Pay for FTPS =====
 +
 +To configure FTPS for Positive Pay, take
 +
 +**1. Work with Positive Pay Applications**
 +
 +and select the application in question with option 1. From the main application screen take 
 +
 +**F8=Configure FTP**
 +
 +<html><pre>
 +                                                                    
 +                            Configure FTP                           
 +                                                                    
 +        Use FTP  . .: Y   Y=Yes N=No S=FTPS                         
 +                                                                    
 +        Domain. . . : ftp.informdecisions.com                               
 +        User Name . : myuserprofile                                 
 +        Password. . :                                               
 +        Confirm . . :                                               
 +                                                                    
 +        Target Path : /                                             
 +        Target File : posPay.txt                                    
 +                                                                    
 +        Port:         *DFT        *SECURE *DFT 1-65535              
 +        Encryption .: *NONE       *SSL *NONE                        
 +        FTP Mode . .: *PASSIVE    *ACTIVE *PASSIVE                  
 +                                                                    
 +   F1=Help   F12=Previous  F23=Delete                               
 +                                                                    
 +                                                                    
 +</pre></html>
 +
 +  * Use FTP: Enter Y to use **unencrypted FTP**, S to use **FTPS**, and N to disable the FTP definition (enables modem transmission).
 +  * Domain: Enter the ftp url provided by the bank. This can be an IP address.
 +  * User Name: Enter the login name provided by the bank.
 +  * Password: Enter the login password provided by the bank.
 +  * Target Path: Enter the target path on the remote system. If the bank does not specify a remote directory leave blank.You can always specify '.' (without the apostrophes) to change directory to the current directory.
 +  * Target File: Enter the name you wish for the uploaded file. You have to name the file something even if the bank does not require a specific name.
 +  * Port: Specify the remote port: ***DFT** for the default for the FTP mode in use (21 for unencrypted ftp, 990 for FTPS), ***SECURE** to specify the SSL port, or  enter a port number. ***DFT** will normally be the correct entry.
 +  * Encryption: Enter ***SSL** or ***NONE**.
 +  * [[http://en.wikipedia.org/wiki/File_Transfer_Protocol#Connection_methods | FTP Mode]]: Specify ***PASSIVE** for passive FTP or ***ACTIVE** for active FTP. If not instructed by the bank use ***PASSIVE** for easier transit through firewalls.
 +
 +
 +===== Using FTPS =====
 +
 +==== Extracting Data ====
 +
 +You must separately extract information before transmitting. Use the **EXTRACT** command. This can be made a scheduled job; see the **WRKJOBSCDE** display.
 +
 +
 +
 +==== Data Report ====
 +
 +To print the contents of the file use the command **REPORT**. This should be run after the **EXTRACT** command.
 +
 +The REPORT command can be run with the defaults, in which case it will print the transmission / reception
 +file fields in the order in which they occur in the file with minimal spacing between report columns.
 +You can fix the column order and column starting position of the fields by specifying the report column
 +starting positions in the command invocation.
 +
 +For example:
 +<html><pre>
 +                      Print Pos Pay Trans File Rpt (REPORT)                     
 +                                                                                
 + Type choices, press Enter.                                                     
 +                                                                                
 + Positive Pay Definition  . . . .   mybanktrx     Character value               
 + ID Print Column  . . . . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Acct Print Column  . . . . . . .               *DEFAULT *OMIT INTEGER        
 + Ck Nbr Print Column  . . . . . .   20            *DEFAULT *OMIT INTEGER        
 + Paid Date Print Column . . . . .   40            *DEFAULT *OMIT INTEGER        
 + Amt Print Column . . . . . . . .   60            *DEFAULT *OMIT INTEGER        
 + Stop Date Print Column . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Cleared Date Print Column  . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Payee Print Column . . . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Void ID Print Column . . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Void Date Print Column . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Void Ck Nbr Print Column . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Void Amt Print Column  . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Void Paid Date Print Column  . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Void Payee Print Column  . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 + Trx Count Print Column . . . . .   '*DEFAULT'    *DEFAULT *OMIT INTEGER        
 +</pre></html>
 +
 +One should specify the column print location of all fields in the file or none. Remember that to determine which fields are in the file consult the Positive Pay bank transmission file specification, option 1 from menu FMGPAY.
 +
 +
 +
 +==== Transmitting Data ====
 +
 +
 +From the Positive Pay Application Definition list take option 9 on the definition you wish to transmit. You can also use the command **TRANSMIT**. This can be made a scheduled job. The conversation with the remote server is put into the job log.
 +
 +
 +----
 +
 +<html>&#091;</html>[[start#iseries_positive_pay | Up To Main Index]]<html>&#093;</html>