Configuring OFTP2 Transfers
OFTP2 (ODETTE File Transfer Protocol) is an updated version of the OFTP standard. It was defined to address the data transfer requirements of the European automotive industry.
Types of OFTP2 Transfers
MFT supports two types of OFTP2 transfers:
- Incoming OFTP2 Transfers: The OFTP2 transfer server listens on two ports (clear text and TLS) for incoming OFTP2 requests.
- Outgoing OFTP2 Transfers: Transfers to target OFTP2 servers. Outgoing transfers can use TLS or clear text ports.
OFTP2 Restrictions
While OFTP2 supports client-initiated Send and Receive transfers, MFT only supports Send transfers.
- OFTP2 clients can initiate a Send file to MFT.
- MFT can initiate a Send file to a target OFTP2 server.
OFTP2 does not implement a directory list capability:
- MFT users cannot navigate through an OFTP2 directory.
- There is no concept of Create or Create Replace for files on target OFTP2 servers.
OFTP2 file names are virtualized.
- File names are defined by a Virtual File Name.
- The way that the Virtual File Names are defined is up to the OFTP2 server writing the file.
When an OFTP2 client initiates a transfer to the MFT OFTP2 transfer server, the target server definition cannot be an OFTP2 server. For example, this is not supported:
OFTP2 Client > MFT OFTP2 Transfer Server > OFTP2 Server
Required Information
Before you begin to configure OFTP2, you need the following information from the OFTP2 partner:
Parameter | Description |
---|---|
Partner Odette ID | A string that identifies the partner. |
Partner Password | The password that is validated by the partner. |
TLS Support | Whether the OFTP2 request is encrypted by TLS. |
The following partner public certificates can optionally be provided:
Partner Public Certificate | Description |
---|---|
TLS Public Certificate | The TLS certificate associated with the Partner TLS private key. |
Session Authentication Public Certificate | Certificate used to authenticate the OFTP2 partner. |
Encryption Public Certificate | The certificate used to encrypt data sent to the OFTP2 partner. |
Signing Public Certificate | The certificate used to verify the OFTP2 data signature. |
EERP Public Certificate | Certificate used by the End-to-End Response Protocol. |
Securing Incoming OFTP2 Requests
Incoming OFTP2 requests are secured by the following criteria:
Criteria | Requirement |
---|---|
Odette ID | Must match the partner Odette ID defined in a server definition. |
Password | Must match the partner password defined in a server definition. |
TLS Certificate | Must match the OFTP2 client TLS certificate. |
Session Authentication | Provides a means of authenticating OFTP2 requests. |
The section titled "Create a Server Definition for Incoming and Outgoing OFTP2 requests" has more detail about configuring these parameters.
More about OFTP2 Passwords
OFTP2 passwords are only 8 characters long and are defined in the RFC as upper case only. MFT requires OFTP2 clients to send an OFTP2 password and validates that password, but OFTP2 password authentication is not a good way to secure OFTP2. That is why we strongly suggest using session authentication and TLS certificate authentication. Both Local and Partner Passwords are required fields. Some OFTP2 clients and servers do not validate the incoming password. When the OFTP2 partner does not validate the incoming password, you can set the LOCAL password to any value.
OFTP2 Virtual File Names
OFTP2 does not support directories and files. Rather, it supports a virtual file name. The virtual file name is only 26 bytes. Here is how MFT handles OFTP2 virtual file names.
Incoming Requests:
- MFT searches for a transfer definition where the Virtual Alias matches the OFTP2 virtual file name. If a match is found, MFT uses that definition.
- If no match is found, MFT uses the first transfer definition defined for the OFTP2 user.
Outgoing Requests:
MFT sets the virtual file name to the first 26 bytes of the server file name as defined in the Transfer definition.
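The virtual file name rules above, modeled as an added example (not MFT code) that resolves incoming names and audits outgoing names for truncation and collisions. `TransferDef`, its field names and the sample paths are hypothetical; exact-match comparison and UTF-8 encoding are assumptions.

```python
# Added illustration: models the virtual-file-name rules described above.
# TransferDef and its field names are hypothetical, not MFT's schema.
from collections import defaultdict
from dataclasses import dataclass

VFN_MAX_BYTES = 26  # virtual file name length stated on this page

@dataclass
class TransferDef:
    name: str              # hypothetical label for the definition
    virtual_alias: str     # matched against the incoming virtual file name
    server_file_name: str  # source of the outgoing virtual file name

def outgoing_vfn(server_file_name: str) -> bytes:
    """First 26 bytes of the server file name (UTF-8 is an assumption)."""
    return server_file_name.encode("utf-8")[:VFN_MAX_BYTES]

def resolve_incoming(vfn: str, user_defs: list) -> tuple:
    """Return (definition, matched); matched is False on the fallback path."""
    for d in user_defs:
        if d.virtual_alias == vfn:  # exact match is an assumption
            return d, True
    return (user_defs[0] if user_defs else None), False

def audit_outgoing(defs: list) -> dict:
    """List definitions that get truncated and groups that collide afterwards."""
    by_vfn, truncated = defaultdict(list), []
    for d in defs:
        raw = d.server_file_name.encode("utf-8")
        if len(raw) > VFN_MAX_BYTES:
            truncated.append(d.name)
        by_vfn[raw[:VFN_MAX_BYTES]].append(d.name)
    collisions = [names for names in by_vfn.values() if len(names) > 1]
    return {"truncated": truncated, "collisions": collisions}

# Constructed sample definitions for one OFTP2 user.
SAMPLE_DEFS = [
    TransferDef("invoices", "INVOICES", "/data/out/partnerA/invoices_2024_q1.edi"),
    TransferDef("orders", "ORDERS", "/data/out/partnerA/invoices_2024_q2.edi"),
    TransferDef("short", "ASN", "asn.edi"),
]

if __name__ == "__main__":
    print(audit_outgoing(SAMPLE_DEFS))
    print(resolve_incoming("UNKNOWN", SAMPLE_DEFS))
```

An incoming name that falls through to the first definition, and two outgoing names that collapse to the same 26 bytes, are the cases to review in a partner's configuration.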
Steps to Configure MFT for OFTP2 Transfers
To configure MFT for incoming and outgoing OFTP2 transfers, complete the following steps. These steps are discussed in more detail later.