AUTHENTICATE_PEER - UFTP configuration option

Description

The AUTHENTICATE_PEER option specifies whether UFTP will verify that an FTP server's certificate was issued by a known and trusted authority.

Usage

| Specification Method | Parameter / Value | IBM i | HP NonStop | UNIX | Windows | z/OS |
|---|---|---|---|---|---|---|
| Command Line, Short Form | n/a | | | | | |
| Command Line, Long Form | -authenticate_peer opt | | | ✓ | ✓ | ✓ |
| Environment Variable | UFTPAUTHENTICATEPEER=opt | | | ✓ | ✓ | ✓ |
| Configuration File Keyword | authenticate_peer opt | | | ✓ | ✓ | ✓ |

Value

opt specifies whether UFTP will verify the certificate presented by the FTP server during a TLS/SSL handshake.

opt can be:

  • YES - the FTP server's certificate must be authenticated by one of the trusted authorities in the file specified by the CA_CERTIFICATES option.
  • NO - UFTP will allow a connection to a TLS/SSL-enabled FTP server without verifying the FTP server's certificate.

The default is NO when the PROTOCOL option is FTP.

This option is not used when PROTOCOL is SSH (which doesn't use TLS/SSL) or when it is FTPS (which requires peer authentication).

Notes for Explicit FTPS (FTPES) Support

Explicit FTPS support was added to UFTP for Universal Agent 7.1.0.0. When an FTP server enables explicit TLS/SSL support, it allows clients to request encrypted sessions over the standard FTP port 21. This is different from implicit TLS/SSL support, which requires a connection to a unique, well-known port (990 by default) that ONLY accepts TLS/SSL-enabled client requests.

UFTP has always offered implicit FTPS support via the FTPS PROTOCOL value.

Because an FTP client may not always know whether the FTP server's port 21 is accepting SSL-enabled connections (i.e., it may only accept unencrypted, plain-text FTP sessions), explicit FTPS is not really a distinct protocol per se. Therefore, UFTP offers explicit FTPS support by applying new options and supported values to the existing FTP PROTOCOL value.

UFTP requests an explicit FTPS session using the ENABLE_SSL option or by prefixing the HOST option's value with ftpes://.

The -authenticate_peer option is only configurable for explicit FTPS sessions. When the FTPS PROTOCOL is used, -authenticate_peer yes is implied. The -authenticate_peer option is ignored for the SSH PROTOCOL.
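The applicability rules above, written as a configuration check that flags explicit FTPS sessions left at the default of NO. This is an added example, not UFTP or Stonebranch code; the `protocol`, `host`, `enable_ssl` and `ca_certificates` keyword spellings, the `keyword value` line format with `#` comments, and FTP as the fallback protocol are assumptions.

```python
# Added example. Only the authenticate_peer keyword is taken from the page;
# the other keyword spellings and the file format are assumptions.

def parse_config(text):
    """Return {keyword: value} from 'keyword value' lines (assumed format)."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments (assumed syntax)
        if not line:
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def peer_auth_state(text):
    """Classify how the FTP server's certificate is treated."""
    opts = parse_config(text)
    protocol = opts.get("protocol", "ftp").lower()   # fallback is an assumption
    if protocol == "ssh":
        return "not-applicable"        # no TLS/SSL; the option is ignored
    if protocol == "ftps":
        return "verified"              # implicit FTPS implies yes
    explicit = (opts.get("enable_ssl", "no").lower() == "yes"
                or opts.get("host", "").lower().startswith("ftpes://"))
    if not explicit:
        return "plaintext"             # plain FTP, no certificate involved
    if opts.get("authenticate_peer", "no").lower() != "yes":
        return "encrypted-unverified"  # default NO: certificate not checked
    if not opts.get("ca_certificates"):
        return "verify-missing-ca"     # YES relies on the CA_CERTIFICATES file
    return "verified"


# Constructed sample configuration (hypothetical host name).
SAMPLE = """\
# explicit FTPS requested through the host prefix
protocol ftp
host ftpes://files.example.com
"""

if __name__ == "__main__":
    print(peer_auth_state(SAMPLE))
```

A result of `encrypted-unverified` means the session is encrypted but the server's identity is not checked, so the configuration should be changed to `authenticate_peer yes` with a CA file.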