Configuring Control-M MFT for server authentication
This procedure describes how to configure Control-M MFT for server authentication. To implement server authentication, you must import the CA belonging to each of the FTP over SSL/TLS servers to which Control-M MFT keystore.
To configure Control-M MFT for server authentication:
Set the host security level to Level 3.
Copy the FTP over SSL/TLS server CA file to a temporary location on the computer on which Control-M MFT is installed.
Navigate to the following location:
<Control-M/Agent home directory>/cm/AFT/JRE_LINK/bin/
Import the certificate for the CA as follows:
FIPS ON: ./keytool -J-Dcm.home=”<Agent_Home>/cm/AFT/” -J-Dorg.bouncycastle.fips.approved_only=true -importcert -alias <server_alias> -file <server_certificate_file> -keystore <keystore_file> -storepass <password> -storetype BCFKS -providerName BCFIPS
NOTE: Ensure that the certificate is valid before you import it as a trusted certificate. View it with the keytool -printcert command or the keytool -importcert command without the -noprompt option, and verify that the displayed certificate fingerprints match the expected ones.