Configuring Control-M MFT for an alternative CA

This procedure describes how to configure Control-M MFT for client authentication using an alternative CA.

Before you begin

• Create your own Java Keystore file.
• Generate a CSR and submit the request to the CA.
• Import the received certificate from the CA into the keystore.
• Export the CA certificate that authenticates the public key to a file.

  NOTE: Use the same password to protect the keystore and its private keys.

To configure Control-M MFT for an alternative CA:

1. Copy your keystore file to the following location:

   <Control-M/Agent home directory>/cm/AFT/data/SSL/cert

2. Update the keystore filename, location, and type, in the following location, as described in Java Keystore configuration:

   <Control-M/Agent home directory>/cm/AFT/data/ftpssl_config.properties

3. Update the password, as follows:

   <Control-M/Agent_Home_Dir>/CM/AFT/exe/keystoreutil –changepassword –storepass <your keystore password> –new_storepass <your keystore password> -keystoretype AFT_SSL –keystore <full path to your keystore file>

   The keystore file password is maintained, and the Control-M MFT SSL configuration file ftpssl_config.properties is updated with the encrypted password.

4. Import the CA to your FTP server.