Configuring Control-M for AFT for server authentication

This procedure describes how to configure Control-M AFT for server authentication. To implement server authentication, you must import the CA belonging to each of the FTP over SSL/TLS servers to which Control-M AFT keystore.

To configure Control-M AFT for server authentication:

1. Set the host security level to Level 3.
2. Copy the FTP over SSL/TLS server CA file to a temporary location on the computer on which Control-M AFT is installed.
3. Navigate to the following location:

   <Control-M/Agent home directory>/cm/AFT/JRE/bin/

4. Import the certificate for the CA as follows:

   ./keytool -J-Dcm.home=”<Agent_Home>/cm/AFT/” -importcert -alias <server_alias> -file <server_certificate_file> -keystore <keystore_file> -storepass <password> -storetype [pkcs12|jks] - providerName BC

   NOTE: The default for -storepass is password and the default for -storetype is PKCS12.

   NOTE: Ensure that the certificate is valid before you import it as a trusted certificate. View it with the keytool -printcert command or the keytool -importcert command without the -noprompt option, and verify that the displayed certificate fingerprints match the expected ones.

   NOTE: The NSS library is used on Linux platforms by the product to streamline file transfer performance. However, it requires a certain level of the runtime libraries. If the runtime level is not sufficient, an error message such as the following appears:

   Turn off the NSS usage by running ctmnss off.