AFT--> New Account creation Problem
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00
AFT--> New Account creation Problem
Hi,
I have to create a new account to transfer files from one server to another server.
The destination remote server is a standard FTP
But the source remote host server is an FTP over SSL.
How should I make the settings?
What all information do I need for the host1?
I have the ftp address,username,password and SSL_Public_Key.crt file.
Are they enough?
Please guide me further.
Thanks,
Rajesekhar
I have to create a new account to transfer files from one server to another server.
The destination remote server is a standard FTP
But the source remote host server is an FTP over SSL.
How should I make the settings?
What all information do I need for the host1?
I have the ftp address,username,password and SSL_Public_Key.crt file.
Are they enough?
Please guide me further.
Thanks,
Rajesekhar
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00
Any further help?
I am still stuck at this.
I dont know why Host1(FTP over SSL) is not working.
I even tried SFTP(SSH) but didnt worked. What all we need to set up SFTP for a host?
I dont know why Host1(FTP over SSL) is not working.
I even tried SFTP(SSH) but didnt worked. What all we need to set up SFTP for a host?
I have configured some of this kind of accounts but i difficult to guide you from outside.
The first information I need are:
1) version of controlm agent and of the CM for aft installed
2) so: windows or unix?
3) server ftp windows or unix?
4) language of the server
The true test is to run a job that use this account, the validate option works if the user that define the account has true rights.
The first information I need are:
1) version of controlm agent and of the CM for aft installed
2) so: windows or unix?
3) server ftp windows or unix?
4) language of the server
The true test is to run a job that use this account, the validate option works if the user that define the account has true rights.
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00
1)6.2.01 and 6.2.02 respectivelymauriziog wrote:I have configured some of this kind of accounts but i difficult to guide you from outside.
The first information I need are:
1) version of controlm agent and of the CM for aft installed
2) so: windows or unix?
3) server ftp windows or unix?
4) language of the server
The true test is to run a job that use this account, the validate option works if the user that define the account has true rights.
2)windows
3)server ftp unix
4)I dont understand this, hmmmmmm......
well, we have some software "WS_FTP Pro" through which I am able to login to the ftp server and able to download the files from it. so, for the time being I ran a script which runs this "WS_FTP Pro" and access the ftp server.
And I am running that script from Control-M(atleast I can say Control-M is involved somehow)
But I am not able to set up that in CM for AFT. when it works in "WS_FTP Pro" then theres some problem with me in setting up the account but not the server.
Raj
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00
Ok rajesekhar, this is important: from one client on the same server the connection works. Fine.well, we have some software "WS_FTP Pro" through which I am able to login to the ftp server and able to download the files from it.
When you use "WS_FTP Pro" automatically open a window that save the certificate the first time, isnt it?
Well: step TWO
The certificate you have must be "X.509 PEM (Privacy-Enhanced Mail) format to import certificates".
You have? YES? Well step 3:
You must "specify your security level" on Windows:
in the path:
<CONTROL>/cm/AFT/data/SSL/cert
there is a .reg file: "aft_security_level.reg"
3.1 Make a backup of this file
3.2 edit it with text editor
3.3 change/control the value of "Security_Level"
Set it = 3 (server authentication)
Is the must common setting.
Save the file
3.4 Run it (double click)
3.5 run\regedit and control that the values are correctly set
3.6 restart agent services
When done this we continue.
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00
Change the certificate format.The certificate which I have is with .crt extension but not PEM?
.crt doesnt work? can I change .crt to PEM?
If so, how?
There is a program freewere that consent to convert the certificate format.
I have used "openssl".
Or you can ask to the server ftp administrator to send you the certificate in this format.
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00
Hey,
Where can we get this openssl?
Does it come with the OS?
I searched for openssl in my comp and I found " C:\Program Files\Intel\AMT" which contains openSSL_license.txt
And in the network also, I found openssl.exe, When I double clicked that openssl.exe file, it opened a dos prompt window like:
OpenSSL >
But I don’t know which commands to use to convert my .crt to PEM certificate. I searched on goole and I got hell lot of things and I got confused.
Can you tell me the exact command line syntax to do the needful?
Thanks,
Raj
Where can we get this openssl?
Does it come with the OS?
I searched for openssl in my comp and I found " C:\Program Files\Intel\AMT" which contains openSSL_license.txt
And in the network also, I found openssl.exe, When I double clicked that openssl.exe file, it opened a dos prompt window like:
OpenSSL >
But I don’t know which commands to use to convert my .crt to PEM certificate. I searched on goole and I got hell lot of things and I got confused.
Can you tell me the exact command line syntax to do the needful?
Thanks,
Raj
I don’t know which commands to use to convert my .crt to PEM certificate. I searched on goole and I got hell lot of things and I got confused.
The syntax of my version, for converting fron crt to pem is:
1) convert a certificate from PEM to DER:
x509 –in input.crt –inform PEM –out output.crt –outform DER
2) convert the certificate obtained from 1) to PEM:
convert a certificate from DER to PEM:
x509 –in input.crt –inform DER –out output.crt –outform PEM
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00
Failed (
When I tried using your syntax, I got the following error:
//
unable to load certificate
3292:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:crypto/asn1
/tasn_dec.c:946:
3292:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:cr
ypto/asn1/tasn_dec.c:304:Type=X509
error in x509
//
I have no clue what's that.
When I tried using your syntax, I got the following error:
//
unable to load certificate
3292:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:crypto/asn1
/tasn_dec.c:946:
3292:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:cr
ypto/asn1/tasn_dec.c:304:Type=X509
error in x509
//
I have no clue what's that.
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00
- rajesekhar
- Nouveau
- Posts: 72
- Joined: 07 Dec 2007 12:00