AUTHENTICATE_PEER - UFTP configuration option
Description
The AUTHENTICATE_PEER option specifies whether UFTP will verify that an FTP server's certificate was issued by a known and trusted authority.
Usage
Specification Method | Parameter / Value | IBM i | HP NonStop | UNIX | Windows | z/OS |
---|---|---|---|---|---|---|
Command Line, Short Form | n/a | |||||
Command Line, Long Form | -authenticate_peer opt | |||||
Environment Variable | UFTPAUTHENTICATEPEER=opt | |||||
Configuration File Keyword | authenticate_peer opt | |||||
Value
opt specifies whether UFTP will verify the certificate presented by the FTP server during a TLS/SSL handshake.
opt can be:
- YES - the FTP server's certificate must be authenticated by one of the trusted authorities in the file specified by the CA_CERTIFICATES option.
- NO - UFTP will allow a connection to a TLS/SSL-enabled FTP server without verifying the FTP server's certificate.
Default is NO when the PROTOCOL option is FTP.
This option is not used when PROTOCOL is SSH (which doesn't use TLS/SSL) or when it is FTPS (which requires peer authentication).
Notes for Explicit FTPS (FTPES) Support
Explicit FTPS support was added to UFTP for Universal Agent 7.1.0.0. When an FTP server enables explicit TLS/SSL support, it allows clients to request encrypted sessions over the standard FTP port 21. This is different from implicit TLS/SSL support, which requires a connection to a unique, well-known port (990 by default) that ONLY accepts TLS/SSL-enabled client requests.
UFTP has always offered implicit FTPS support via the FTPS PROTOCOL value.
Because an FTP client may not always know whether the FTP server's port 21 is accepting SSL-enabled connections (i.e., it may only accept unencrypted, plain-text FTP sessions), explicit FTPS is not really a distinct protocol per se. Therefore, UFTP offers explicit FTPS support by applying new options and supported values to the existing FTP PROTOCOL value.
UFTP requests an explicit FTPS session using the ENABLE_SSL option or by prefixing the HOST option's value with ftpes://.
The -authenticate_peer option is only configurable for explicit FTPS sessions. When the FTPS PROTOCOL is used, -authenticate_peer yes is implied. The -authenticate_peer option is ignored for the SSH PROTOCOL.
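The rules in the Value section and the FTPES notes can be applied as a configuration check. The following Python lint is an added example, not part of the UFTP documentation or product; it reports which configurations open an explicit FTPS session without verifying the server certificate. Only the authenticate_peer keyword and the ftpes:// prefix come from this page: the "keyword value" line format with '#' comments, the keywords protocol, host and enable_ssl, the yes/no value for enable_ssl, and FTP as the protocol when none is set are assumptions.

```python
# Added example: classify how a UFTP configuration treats the FTP server's
# certificate. Assumed, not taken from the page: "keyword value" lines with
# '#' comments, the keywords protocol / host / enable_ssl, a yes/no value
# for enable_ssl, and FTP as the protocol when none is set.

def parse_config(text):
    """Return {keyword: value} from 'keyword value' lines."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def peer_auth_status(opts):
    """Apply the rules from the Value and FTPES notes sections."""
    protocol = opts.get("protocol", "ftp").lower()
    if protocol == "ssh":
        return "ignored"      # SSH does not use TLS/SSL
    if protocol == "ftps":
        return "verified"     # implicit FTPS implies authenticate_peer yes
    explicit = (opts.get("host", "").lower().startswith("ftpes://")
                or opts.get("enable_ssl", "no").lower() == "yes")
    if not explicit:
        return "plaintext"    # plain FTP: no TLS session to authenticate
    # Explicit FTPS: the default is NO, so verification must be requested.
    if opts.get("authenticate_peer", "no").lower() == "yes":
        return "verified"
    return "unverified"

# Constructed sample configurations (hosts are placeholders).
SAMPLES = {
    "explicit_default": "protocol ftp\nhost ftpes://files.example.test\n",
    "explicit_no": "protocol ftp\nenable_ssl yes\nauthenticate_peer no\n",
    "explicit_yes": "host ftpes://files.example.test\nauthenticate_peer YES  # constructed\n",
    "implicit_ftps": "protocol ftps\nauthenticate_peer no\n",
    "ssh": "protocol ssh\nauthenticate_peer yes\n",
    "plain_ftp": "protocol ftp\nhost files.example.test\n",
}

def audit(samples):
    """Return the names of configurations whose TLS peer is not verified."""
    return sorted(n for n, t in samples.items()
                  if peer_auth_status(parse_config(t)) == "unverified")

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:18} {peer_auth_status(parse_config(text))}")
    print("needs authenticate_peer yes:", audit(SAMPLES))
```

A result of "verified" for an explicit FTPS session still depends on the CA_CERTIFICATES option pointing at the intended trust file, which this check does not inspect.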