Configuring Control-M MFT for server authentication

This procedure describes how to configure Control-M MFT for server authentication. To implement server authentication, you must import the CA belonging to each of the FTP over SSL/TLS servers to which Control-M MFT keystore.

To configure Control-M MFT for server authentication:

1. Set the host security level to Level 3.
2. Copy the FTP over SSL/TLS server CA file to a temporary location on the computer on which Control-M MFT is installed.
3. Navigate to the following location:

   <Control-M/Agent home directory>/cm/AFT/JRE_LINK/bin/

4. Import the certificate for the CA as follows:
   • FIPS ON: ./keytool -J-Dcm.home=”<Agent_Home>/cm/AFT/” -J-Dorg.bouncycastle.fips.approved_only=true -importcert -alias <server_alias> -file <server_certificate_file> -keystore <keystore_file> -storepass <password> -storetype BCFKS -providerName BCFIPS
   • FIPS OFF:./keytool -J-Dcm.home=”<Agent_Home>/cm/AFT/” -importcert -alias <server_alias> -file <server_certificate_file> -keystore <keystore_file> -storepass <password> -storetype pkcs12 -providerName BCFIP

   NOTE: Ensure that the certificate is valid before you import it as a trusted certificate. View it with the keytool -printcert command or the keytool -importcert command without the -noprompt option, and verify that the displayed certificate fingerprints match the expected ones.