SSL/TLS Authentication

By using SSL/TLS, TIBCO MFT Platform Server for IBM i supports both server authentication and client authentication to ensure that, in a file transfer, the client validates the identity of the server and the server validates the identity of the client.

When using TIBCO MFT Platform Server for IBM i with TLS, if you want to send a file to a remote platform server, you must authenticate the identity of the remote platform server before issuing a transfer request; this is done through server authentication. If you receive a file transfer request from a remote platform server, you must authenticate the identity of the remote platform server before accepting the data; this is done through client authentication. Data transfer starts only after the authentication is completed.

TIBCO MFT Platform Server for IBM i performs TLS authentication by using digital certificates and a certificate authority (CA). For more information about digital certificates and certificate authorities, see Digital Certificates and Certificate Authority.

MFT Platform Server supports an extension to the standard TLS processing that allows the system administrator to determine which certificates should be accepted and which should be rejected. This is done by creating an SSLAUTH file, which is supported on all MFT Platform Servers. The format of the file is the same on all platforms, but the way that the file is defined depends on the platform.

For IBM i, the SSLAUTH file is located in the MFT Platform Server Product library. The path is defined in the MFT Platform Server Global Configuration file (see below).

Type Y (Yes) in the Use TLS Authorization File field, and type the TLS Application ID names. The Application ID is the name of the MFT Platform Server and Client Application ID. This Application ID must be defined in the MFT Global Configuration file. The default value for the server and client is TLSCERTIFICATE.
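
The accept/reject decision that an authorization file adds on top of standard TLS validation can be sketched as follows. This is an added example, not TIBCO code: the rule layout, the first-match ordering, the default-deny result and the example.com names are assumptions for illustration and are not the SSLAUTH file format, which this page does not show.

```python
# Added illustration: certificate authorization applied after the TLS handshake.
# The rule layout below is hypothetical and is NOT the SSLAUTH file format.
import fnmatch

# Constructed rules, evaluated top to bottom; the first matching rule decides.
RULES = [
    {"action": "reject", "CN": "retired-*", "O": "*"},
    {"action": "accept", "CN": "*.mft.example.com", "O": "Example Corp"},
]

# Short rule keys mapped to the names Python's ssl module uses in getpeercert().
_FIELD_NAMES = {"CN": "commonName", "O": "organizationName"}


def subject_fields(peer_cert):
    """Flatten the 'subject' of an ssl.SSLSocket.getpeercert() dict."""
    flat = {}
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            flat.setdefault(key, value)  # keep the first value of each field
    return flat


def authorize(peer_cert, rules=RULES):
    """Return True only if the first matching rule says accept.

    Assumes the TLS layer has already validated the chain against a trusted
    CA; this check only narrows which of those valid certificates are allowed.
    """
    subject = subject_fields(peer_cert or {})
    if not subject:
        return False  # no certificate presented, or an empty subject
    for rule in rules:
        matched = all(
            fnmatch.fnmatchcase(subject.get(_FIELD_NAMES[key], ""), pattern)
            for key, pattern in rule.items()
            if key != "action"
        )
        if matched:
            return rule["action"] == "accept"
    return False  # default deny when no rule matches
```

The point of the sketch is that a certificate issued by a trusted CA is still refused unless a rule explicitly accepts it.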