Re: FTPS Explicit Connection

Mon, 05 Oct 2020 07:38:09 -0700 

I can't help you much on the server side of the equation, but this excerpt from 
an FTP client job will get you started:

01 //FTPS     EXEC PGM=FTP,REGION=4M,
02 // PARM=('ENVAR("_CEE_ENVFILE_S=DD:STDENV")/10.1.1.1 5521 -e')
03 //STDENV   DD *
04 GSK_PROTOCOL_TLSV1_2=ON
05 //* GSK_TRACE=0xFFFF
06 //* GSK_TRACE_FILE=/tmp/gsk.trc
07 //* The 2 stmts above can be temporarily uncommented for debugging
08 //SYSFTPD  DD *,SYMBOLS=(JCLONLY)
09 CLIENTERRCODES    EXTENDED
10 EPSV4             TRUE
11 EXTENSIONS        AUTH_TLS
12 FWFRIENDLY        TRUE
13 KEYRING           TCPIP/your.FTP.KEYRING
14 PASSIVEIGNOREADDR TRUE
15 SECUREIMPLICITZOS FALSE
16 SECURE_FTP        REQUIRED
17 SECURE_MECHANISM  TLS
18 SECURE_DATACONN   PRIVATE
19 SECURE_CTRLCONN   PRIVATE
20 SECURE_HOSTNAME   REQUIRED
21 TLSMECHANISM      FTP
22 TLSRFCLEVEL       RFC4217
23 TRACE
24 //*

Line
 02 _CEE_ENVFILE_S=DD:STDENV
    - Allows you to specify LE overrides via a SYSIN DD rather than a VB dataset
       0.1.1.1 5521
    - Your server IP address & port
    -e
      Exit step with FTP return code instead of 0 (probably overridden)

 05 & 06
    GSK_TRACE...
    Turns on GSK tracing for FTP client, writes trace records into /tmp/gsk.trc 
file
    Use gsktrace "gsk.trc > gsk.out" command to format into human readable. 
Very helpful

 13 You will have to have a public/private key known to the server, and a 
public key or
      CA cert shared with the client (if on the same system, then on the same 
key ring is fin)

 11 & 16 are also important 


You'll need to use the manuals to understand most of the commands, but this 
will get you started.

Some of these manuals may help:

SC14-7495-30 Cryptographic Services System Secure Sockets Layer Programming

SC27-3651-30 IP Configuration Reference

GC27-3652-30 IP Diagnosis Guide may be useful if you are getting GSK errors.

SA23-2292-30 Security Server RACF Command Language Reference contains the 
syntax for the RACDCERT instructions.

HTH,
Wendell Lovewell

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to