The Cleo Harmony and Cleo VLTrader applications contain a full-featured, embedded FTP server for receiving FTP requests.
Note: This section applies to the
Cleo Harmony and
Cleo VLTrader applications only.
FTP clients must present a valid username and password; anonymous logins are not supported. See Configuring local FTP users for information about how to configure FTP usernames, passwords, and home directories.
- Click the Local Listener in the tree pane, and then click the FTP tab.
- Specify parameter values as appropriate.
- Click Apply.
The values you specified are saved.
FTP Local Listener reference
FTP
- Select FTP to allow FTP clients to send requests over clear-text FTP.
- Specify a Port number. A value of 21 is the default for FTP. You can also use any other unused port value in the range of 1024 - 65535. Using non-standard ports in the range of 1 - 1023 might interfere with port numbers reserved by TCP/IP for other purposes.
- You can configure FTP to listen on multiple ports by separating the field values with commas. For example, suppose you specified port 5021, but you have some trading partners who have outbound firewall restrictions and can only send to port 21. Specifying 5021,21 in the Port field allows the firewall-restricted trading partners to be able to send to your server while allowing you to continue to accept inbound messages from your other trading partners on port 5021.
- FTP/s Explicit (AUTH TLS)
- Select FTP/s Explicit (AUTH TLS) to allow FTP clients to send requests over both clear-text, non-secure FTP and encrypted, secure FTP/s.
- Specify a Port number. Port number 989 is standard for implicit FTP/s. You can also use any other unused port value in the range of 1024 - 65535. Using non-standard HTTP ports in the range of 1 - 1023 might interfere with port numbers reserved by TCP/IP for other purposes.
- Select AUTH Required to allow only encrypted communication on the FTP/s explicit port. This means a client must issue an AUTH command to explicitly request security upon connecting or the server will refuse the connection. However, you can configure FTP/s explicit to allow unencrypted communication as well by clearing the AUTH Required check box. In this configuration, both clear-text, non-secure FTP and encrypted, secure FTP/s are supported on the same port. Note that this setting has no effect on the plain FTP port or the FTP/s implicit port.
- FTP/s Implicit
- Select FTP/s Implicit to allow FTP clients to send requests over both clear-text, non-secure FTP and encrypted, secure FTP/s.
- Specify a Port number. Port number 989 is standard for implicit FTP/s. You can also use any other unused port value in the range of 1024 - 65535. Using non-standard HTTP ports in the range of 1 - 1023 might interfere with port numbers reserved by TCP/IP for other purposes.
- SSL Server Certificate
- If you select FTP/s Explicit (AUTH TLS) or FTP/s Implicit, select a valid SSL Server Certificate. Click Browse... to navigate to and select a certificate. Then, enter the Password for the SSL Server Certificate's private key.
- Enable Passive Mode
- Select Enable Passive Mode to configure the FTP server to support both active mode (unlike the command port, the client serves data ports) and passive (or port) mode (like the command port, the server serves data ports).
- If you enable passive mode, specify a passive port range using the Low Port and High Port fields. The FTP server will sequentially cycle through the passive port range while serving data ports during the course of client connections.
- Authenticate Client
- If you select HTTP/s, select Authenticate Client to require the SSL client to provide a valid certificate during SSL negotiation.
- Authentication Certificates
- By default, all of the Certificate Manager Trusted CA and user certificates are accepted for client authentication. To change this, use the Authentication Certificates button to establish the list of accepted FTP client authentication certificates, which can be:
- all or a subset of the trusted CA certificates and/or
- all or a subset of the user certificates.
This option must be decided and agreed upon between trading partners before sending messages via SSL. After changing this setting, stop and restart the VersaLex service or daemon to clear cached SSL sessions.
- Exchange Certificates
- Click Exchange Certificates to send the SSL Server Certificate to your trading partner(s). See Exchanging certificates with your trading partner for further information.
Comments
0 comments
Please sign in to leave a comment.