Configuring Control-M for AFT for client authentication

This procedure describes how to configure Control-M for AFT for client authentication that allows the server to authenticate Control-M for AFT. You can either use the Control-M for AFT Certificate of Authentication (CA), or you can use one supplied by an outside vendor.

Before you begin

• Ensure that you have an FTP over SSL/TLS server installed and configured.
• Determine whether your server requires:
  • Client authentication
  • Server authentication
  • Client and Server authentication
  • None of the above.

To configure Control-M for AFT for client authentication:

1. Set the host security level to Level 4.
2. Configure Control-M for AFT for server authentication, as described in Configuring Control-M for AFT for server authentication.
3. Do one of the following:
   • To use the Control-M for AFT CA, use your server’s Import utility to import aftca.pem file from the following location:

     <Control-M/Agent home directory>/cm/AFT/data/SSL/cert

   • To use an alternative CA, you must configure Control-M for AFT so that this CA is recognized by the application. The following procedure describes how to do this.

   NOTE: All commands described in the following procedures are written for UNIX users. Users of Microsoft Windows must ensure that when following these commands, all occurrences of a foreslash ("/") are changed to a backslash ("\").