Contents
| 1 | Introduction |
2 | Provided Service |
| 2.1 | Standard Compliance |
3 | Client Requirements |
| 3.1 | FTP over TLS Support |
| 3.2 | Password Handling |
| 3.3 | Client Certificates |
4 | Client Example: LFTP |
| 4.1 | Configuration File |
1 Introduction
This document is an interwork description for the TLS secured FTP interface (FTP over TLS). The interface provides a TLS based file transfer northbound interface (NBI) for accessing the system file storage (file NBI).
An FTP client supporting the specified requirements is needed to interwork with the TLS file transfer NBI.
2 Provided Service
2.1 Standard Compliance
Only passive mode and TLS connection are allowed.
The FTP server does not request password from the client. So, even if the client asks for a password input, it is not sent by the server.
3 Client Requirements
3.1 FTP over TLS Support
3.2 Password Handling
The FTP server does not request password from the client. So, even if the client asks for a password input, it is not sent by the server.
3.3 Client Certificates
To open an FTP over TLS connection, a valid client certificate is required.
During the authentication, the username is extracted from the client certificate, using the X509v3 extension SubjectAltName. If multiple SubjectAltNames exist, COM uses the first available type and the value in SubjectAltName.
4 Client Example: LFTP
4.1 Configuration File
set ftp:ssl-allow on set ftp:ssl-force on set ftp:ssl-protect-data on set ftp:ssl-protect-list on set ftp:passive-mode on set ftps:initial-prot "P" set ftp:use-feat on set ssl:verify-certificate on set ssl:ca-file <path>/<trustedcacert>.pem set ssl:cert-file <path>/<cert>.pem set ssl:key-file <path>/<key>.pem set ssl:check-hostname off |