Using Advanced Message Security with Managed File Transfer
This scenario explains how to configure Advanced Message Security to provide message privacy for data being sent through a Managed File Transfer.
Before you begin
If your Managed File Transfer agents are connecting in bindings mode, ensure you also have the IBM Global Security Kit (GSKit) component installed on their local installation.
About this task
In this scenario we
consider a simple topology comprising one machine with two Managed File Transfer queues and two agents, AGENT1
and
AGENT2
, sharing a single queue manager, as described in the scenario Scenario overview. Both agents connect in the same way, either in bindings mode or client
mode.
1. Creating certificates
Before you begin
ftagent
in a group
FTAGENTS
is used to run the Managed File Transfer Agent processes. If you are using your own user and group names, change the commands
accordingly.About this task
Note:
- If your Managed File Transfer agents are running in bindings mode, the commands that you use to create a CMS (Cryptographic Message Syntax) keystore are detailed in the Quick Start Guide ( Windows or UNIX ) for your platform.
- If your Managed File Transfer agents are running in client mode, the commands you will need to create a JKS ( Java Keystore) are detailed in the Quick Start Guide for AMS with Java clients.
Procedure
2. Configuring message protection
About this task
AGENT2
,
using the setmqspl command. In this scenario the same user is used to start both
agents, and therefore the signer and receiver DN are the same and match the certificate we
generated. Procedure
Results
AGENT1
to
AGENT2
, and the file contents will be transmitted securely between the two agents.