If the Core FTP LE client is running on your local PC then you will only need a TTLSRule to protect the FTP server. Otherwise you would need two separate rules: one for the server and another for the client.
Assuming your FTP client is not running on Z there are two things from the policy that I would change in the TTLSRule: 1) The LocalPortRange should be the port that your FTP server is listening on (typically 21). 2) The Direction should be INBOUND. I would also make sure your keystore database /usr/local/certificates/BCI.kdb contains the following: - Personal certificate for FTP server - Certificate Authority (CA) that signed the FTP server's personal certificate - Certificate Authority (CA) that signed the remote FTP client's personal certificate (since you are doing client authentication) Best regards, Josh Bennetone z/OS CommServer Developer ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
