Some FTPS servers require a Certificate for connecting. This article provides information on how to implement this.
The idea is to:
- install the Certificate in the Runtime's Java Store - Java needs to know the certificate.
- configure the FTP action for using this certificate.
Installing the Certificate
This example concerns a ".cer" certificate file, containing data enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
We are going to install this certificate file, using the java "keytool" binary tool. Click on this link for more information on keytool.
This has to be done on the Java JVM which is used by the Runtime. Once the certificate is installed, make sure to restart the Runtime.
Example (Windows command line):
Enter new keyfile password :
Re-enter new password :
Owner : C=FR
Issuer : C=FR
Serial Number : 0
Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PDT 1997
Certificate Fingerprints:
MD5: C0:5B:B9:6F:63:1B:5E:70:4C:E3:A1:C6:0F:2B:58:68
SHA1 : F8:44:F1:BC:9B:19:8A:FA:8A:58:D4:7C:AC:D3:16:B8:92:79:66:78
SHA256 : F2:9D:89:02:55:4C:F5:77:E5:13:C7:5F:06:CF:0B:2C:F1:C6:04:4B:D5:1F:E4:E6:FD:9B:98:A1:F0:A3:F4:C7
Trust this certificate? [no] : yes
Certificate added to keystore
This will create the d:\data\myKeyStore.jks file, which contains the certificate. You will be able to add more certificates to this .jks file, using keytool again.
Configuring the FTP action
We need to tell the FTP action that it should use the KEY_STORE we just created.
This is done by adding the following properties to the FTP Action:
- KEY_STORE: d:\data\myKeyStore.jks
- KEY_STORE_TYPE: JKS
- KEY_STORE_PASSWORD: <encrypted password>
Note: the password can be encrypted using the Runtime's encrypt <password> command.