Ftp TLS/SSL and Certificates


The certificates are managed directly by the user via the commandline using java's keytool utility.

*NOTE: starting 11.08, in the FTP (Commons and JScape) profiles , there are separate fields for the Keystore and Truststore.
The Keystore is for client certificates. The Truststore is for server certificates.
You can use the same store for client and server certificates, but it is recommended to put client certificates into the Keystore and server certificates into the Truststore.

Server Certificate

* X.509 format Server certificates need to be added to the java trust store.
The location of the Trust store for Automize 11 is: c:\program files (x86)\Automize11\jre\lib\security\cacerts
The location of the Trust store for AbleFTP 11 is: c:\program files (x86)\AbleFTP11\jre\lib\security\cacerts
The location of the Trust store for JaSFTP 11 is: c:\program files (x86)\JaSFTP11\jre\lib\security\cacerts

* Open a dos prompt as Administrator (Right click on dos prompt icon and “run as administrator”)
cd “c:\program files (x86)\Automize11\jre\lib\security”

* assume you are using Automize11, and your certificate file is c:\test\cert.cer.
“c:\program files (x86)\Automize11\jre\bin\keytool” -import -alias ca -file c:\test\cert.cer -keystore cacerts –storepass changeit

NOTE: do not change the store password 'changeit' .. That is the default trust store password.
NOTE: adjust the keytool path accordingly if you are using AbleFTP or JaSFTP or version 10 etc..

Settings to use in Automize/JaSFTP/AbleFTP

* In the Automize/JaSFTP/AbleFTP Profile setup, in the ssl tab:
Truststore path = c:\program files (x86)\Automize11\jre\lib\security\cacerts
Truststore password = changeit
Truststore type = jks


Client Certificate

Create a new keystore and certificate

* Open a dos prompt as Administrator (Right click on dos prompt icon and “run as administrator” ) and enter command:
cd install_dir\jre\bin
install_dir = full path to the Automize, AbleFtp or JaSFtp install directory.
Example for Automize11, use: cd c:\program files (x86)\Automize11\jre\bin

* command below creates a keystore (c:\test\keystore.jks) and a private key (mykey), both with password = password123
keytool -genkey -alias mykey -keypass password123 -storepass password123 -keystore c:\test\keystore.jks

* You should export your certificate (includes public key) and send to the FTP server admin to install.
keytool -exportcert -keystore c:\test\keystore.jks -alias mykey -file c:\test\mycer.cer

Import existing certificate or private key into Existing Keystore

* command below imports a private certificate or private key into the keystore..
keytool -import -alias mycert -keystore c:\test\keystore.jks -file C:\Test\cert.cer

* command below lists the keys / certificates within the store
keytool -list -keystore c:\test\keystore.jks

Settings to use in Automize/JaSFTP/AbleFTP

* In the Automize/JaSFTP/AbleFTP Profile setup, in the ssl tab:
Keysstore path = c:\test\keystore.jks
Keystore password = password123
Keystore type = jks
Key Alias = mycert
Key Password = password123
Key Alias and Key Password have to be entered in the Commons module only.