Authenticating Platform Server Certificate

The MFT Platform Server service supports certificate authentication.

Prerequisites

Platform Server certificate authentication works when the Client Platform Server is using SSL/TLS or Tunnel modes. Refer to the Platform Server documentation to see how to enable SSL/TLS and tunnel modes.

Procedure

  1. Configure the Platform Server Service to support certificate authentication.
    1. Navigate to Administration > System Configuration.
    2. Open the Global Platform Server Settings box.
    3. Set the Platform Server Client Authentication Method to one of the following options:
      • Certificate Only: Platform Server clients must use certificate authentication.
      • Certificate or Password: Platform Server clients can use password or certificate authentication.
      • Certificate and Password: Platform Server clients must use password and certificate authentication.

      Setting one of these three options prompts the Platform Server service to request a certificate from the client.

  2. Restart the Platform Server service on each Internet Server where the Platform Server Service is enabled.
    1. Navigate to Administration > Transfer Servers > Platform Server > Platform Server Status.
    2. Open the box for the Platform Server Host to restart.
      • Click Stop Server to stop the service.
      • Click Start Server to start the service.


  3. Log on to the Internet Server or Command Center Admin console.
    1. Navigate to Administration > Protocol Keys > Add Public Key.
    2. Set the Public Key Type to Platform Server Public Key.
    3. Set Apply Key to to User.
    4. Select the user to associate with the certificate.
    5. Set Status to Enabled. Set Description to a unique descriptive value.
    6. Copy/paste the certificate into the Enter the X.509 Certificate in the box below input field.
      The Platform Server client has the public key that needs to be entered into this input field.
    7. Click Continue.
      The Add Public Key Confirmation page is displayed.
    8. Review the information and click Continue.
      The key is added to the server and associated with the defined user.
  4. Navigate to Users > Manage Users and select the user that requires certificate authentication.
    1. Set Platform Server Client Authentication Method to Certificate Only.
    2. Click Update to save the changes.
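
Because the server accepts a logon whenever the client certificate matches one added in step 3, it is worth checking the text before pasting it. The following is an added example, not part of the product or its documentation: it confirms the text holds exactly one certificate and no private key, and compares its SHA-256 fingerprint with a value obtained from the client administrator. The names check_pasted_pem, make_pem and the sample data are hypothetical; the sample bytes are constructed and are not a real certificate, and the check does not validate the certificate's signature or expiry.

```python
import base64
import hashlib
import re

# Any PEM block: captures the label and the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def make_pem(label, der):
    """Wrap raw bytes in a PEM block (used only to build the sample below)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed placeholder bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x0b" + b"constructed"
SAMPLE_CERT_PEM = make_pem("CERTIFICATE", SAMPLE_DER)


def check_pasted_pem(pem_text, expected_sha256=None):
    """Return (sha256_hex_or_None, problems) for text about to be pasted."""
    problems = []
    # Only the certificate (public half) belongs in the Add Public Key form.
    if "PRIVATE KEY-----" in pem_text:
        problems.append("contains a private key; paste the certificate only")
    certs = [b for label, b in PEM_BLOCK.findall(pem_text) if label == "CERTIFICATE"]
    if len(certs) != 1:
        problems.append(f"expected 1 CERTIFICATE block, found {len(certs)}")
        return None, problems
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:
        problems.append("CERTIFICATE body is not valid base64")
        return None, problems
    if not der.startswith(b"\x30"):  # DER certificates begin with SEQUENCE
        problems.append("decoded data does not start with an ASN.1 SEQUENCE")
    fingerprint = hashlib.sha256(der).hexdigest()
    if expected_sha256 is not None:
        # Accept "AA:BB:..." or plain hex, in either case.
        if expected_sha256.replace(":", "").lower() != fingerprint:
            problems.append("fingerprint differs from the expected value")
    return fingerprint, problems


if __name__ == "__main__":
    print(check_pasted_pem(SAMPLE_CERT_PEM))
```

The fingerprint can also be recorded in the Description field so the entry can later be matched to the client's certificate.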


Result

When a Platform Server uses TLS/SSL mode to connect to the Internet Server, the Internet Server requests a certificate from the Platform Server client. It verifies the certificate against the Platform Server certificates added in prior steps. If a match is found, the logon request is successful. If a match is not found, the logon request fails.