Tibco BusinessConnect and GSX integration over FTPS (FTP over SSL)
Article ID: KB0091102
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect | - |
| Not Applicable | - |
Description
Resolution:
We have a couple of customers trying to communicate/trade with GSX VAN to perform FTPS (FTP over SSL) transactions and have run into a couple of issues.
On analyzing the problem, we found the following steps being overlooked .
1) GSX VAN provides certificate/key to their BusinessConnect customers stating these certificates/keys MUST be used as part of SSL handshake (FTPS)
2) NOTE that these credentials issued by the VAN is not the GSX public certificate, but rather it is the private key that BusinessConnect should use as a client (and hence as part of the Client Authentication process). In short they are providing us with "private key" we need to use.
3) The GSX VAN does not explicitly provide their Server Public Certificate which BC needs to use for the SSL server authentication.
4) The common mistake which our customers make is that they directly upload the given credentials from GSX (Private key) into their configured partners credential tab (hence assuming that it is the public certificate of the VAN server).
5) As a convenience, here attached is the public certificate of the GSX server at the time we write this article. You should upload it into your Trading Partner configuration. Note that this certificate can expire as any intermediate or root CA certificates. Please contact your Trading Partner or the GSX VAN support for up-to-date public certificate.
In summary:
a) Upload the private key given by GSX under your BC Trading Host credentials
b) Upload the public key provided (obtained in step 5) under your Trading Partner credentials
c) Make sure these credentials are used by your configured FTPS transport.
We have a couple of customers trying to communicate/trade with GSX VAN to perform FTPS (FTP over SSL) transactions and have run into a couple of issues.
On analyzing the problem, we found the following steps being overlooked .
1) GSX VAN provides certificate/key to their BusinessConnect customers stating these certificates/keys MUST be used as part of SSL handshake (FTPS)
2) NOTE that these credentials issued by the VAN is not the GSX public certificate, but rather it is the private key that BusinessConnect should use as a client (and hence as part of the Client Authentication process). In short they are providing us with "private key" we need to use.
3) The GSX VAN does not explicitly provide their Server Public Certificate which BC needs to use for the SSL server authentication.
4) The common mistake which our customers make is that they directly upload the given credentials from GSX (Private key) into their configured partners credential tab (hence assuming that it is the public certificate of the VAN server).
5) As a convenience, here attached is the public certificate of the GSX server at the time we write this article. You should upload it into your Trading Partner configuration. Note that this certificate can expire as any intermediate or root CA certificates. Please contact your Trading Partner or the GSX VAN support for up-to-date public certificate.
In summary:
a) Upload the private key given by GSX under your BC Trading Host credentials
b) Upload the public key provided (obtained in step 5) under your Trading Partner credentials
c) Make sure these credentials are used by your configured FTPS transport.
Issue/Introduction
Tibco BusinessConnect and GSX integration over FTPS (FTP over SSL)
Feedback
Yes
No
Powered by
