Using a self-signed certificate for FTPS connections

If your FTP server is secured with a self-signed certificate, the client must be given that certificate so that it can trust the connection. This article provides an example of how to accomplish this.

To use your own certificate for FTPS connections in xDI Designer, you need to:

  • Install the certificate to a Java keystore.

  • Configure the relevant FTP actions to use this certificate.

These instructions apply to any certificate that is not issued by a widely recognized certificate authority.

Install a certificate

To install a certificate, you must use a tool such as the Java keytool command. Use your tool to add the certificate to a keystore known by the Java Virtual Machine.

You must perform this task with the Java Virtual Machine that the Runtime uses.

Example 1. Using keytool on the Windows command line
> keytool.exe -import -alias alias01 -file D:\data\certificate.cer -keystore d:\data\myKeyStore.jks
Enter new keyfile password :
Re-enter new password :
Owner : C=FR
Issuer : C=FR
Serial Number : 0
Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13 PDT 1997
Certificate Fingerprints:
         MD5:  C0:5B:B9:6F:63:1B:5E:70:4C:E3:A1:C6:0F:2B:58:68
         SHA1 : F8:44:F1:BC:9B:19:8A:FA:8A:58:D4:7C:AC:D3:16:B8:92:79:66:78
         SHA256 : F2:9D:89:02:55:4C:F5:77:E5:13:C7:5F:06:CF:0B:2C:F1:C6:04:4B:D5:1F:E4:E6:FD:9B:98:A1:F0:A3:F4:C7
Trust this certificate? [no] :  yes
Certificate added to keystore

After installing the certificate, make sure to restart the Runtime.
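Because a self-signed certificate has no issuing authority to vouch for it, the fingerprint that keytool prints before the "Trust this certificate?" prompt is the only thing that identifies it. The following Python sketch is an added example, not part of the product documentation: it computes the SHA-256 fingerprint of a certificate file (PEM or DER) in keytool's format and compares it with a value obtained out-of-band from the FTP server administrator. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def cert_der_bytes(data: bytes) -> bytes:
    """Return the DER encoding of a certificate file that may be PEM or DER."""
    match = PEM_RE.search(data)
    if match:
        # PEM is base64-wrapped DER; fingerprints are computed over the DER bytes.
        return base64.b64decode(b"".join(match.group(1).split()), validate=True)
    return data


def keytool_fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint as keytool prints it: upper-case hex pairs joined by ':'."""
    digest = hashlib.sha256(cert_der_bytes(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Drop separators and case so 'f2 9d ..' and 'F2:9D:..' compare equal."""
    return re.sub(r"[^0-9A-F]", "", fingerprint.upper())


def fingerprint_matches(data: bytes, expected: str) -> bool:
    """True only if the file's fingerprint equals the out-of-band value."""
    actual = normalize(keytool_fingerprint(data))
    return hmac.compare_digest(actual, normalize(expected))


# Constructed sample: arbitrary bytes standing in for a DER certificate.
# This is not a real certificate and not the one shown in Example 1.
SAMPLE_DER = bytes.fromhex("3082010a0201003009060355040613024652") + b"\x00" * 8
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    pinned = keytool_fingerprint(SAMPLE_DER)  # stands in for the admin's value
    print("SHA256:", pinned)
    print("PEM copy matches:", fingerprint_matches(SAMPLE_PEM, pinned))
    print("Altered copy matches:", fingerprint_matches(SAMPLE_DER + b"\x01", pinned))
```

Compare the SHA256 line rather than the MD5 or SHA1 lines, and answer "yes" at the keytool prompt only when the values agree.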

Configure the FTP actions

Next, configure the FTP actions so they are aware of the keystore. Define the following properties for the actions:

  • Key Store

  • Key Store Type

  • Key Store Password

For the example on this page, the properties are as follows:

  • Key Store: d:\data\myKeyStore.jks

  • Key Store Type: JKS

  • Key Store Password: <encrypted password>

You can encrypt the password with the Runtime encrypt command.