- MFT configuration is done through mftconsole.
- Log in to mftconsole using admin credentials.
- After login, select the Administration tab in the right corner.
- The following configurations are available:
- Payload Storage Directory
- domain_dir/mft/storage
- Callout Directory
- domain_dir/mft/callout
- Store inline Payload - File or DB type
- We can select the number of processors for Source, Transfer and Target
- Configure Control Directory
- domain_dir/mft/contrl_dir
- Inbound datasource JNDI
- Outbound datasource JNDI
- You can use this section to import and export MFT artifacts.
- Keystore
- MFT uses SSL and SSH keys to secure the embedded SFTP server.
- Use this section to configure SSL and SSH keys.
- Steps to configure SSL certificates.
- Go to WLST command line path
- /mft/common/bin
- Start WLST
- connect("weblogic","welcome1","t3://localhost:7003")
- Access Oracle Platform Security Services (OPSS) key store service
- svc = getOpssService(name='KeyStoreService')
- Create an SSL keystore (permission takes either true or false)
- svc.createKeyStore(appStripe='<StripeName>', name='<StoreName>', password='<StorePassword>', permission=false/true)
- Example : svc.createKeyStore(appStripe='mft', name='mftDefaultStore', password='Welcome1', permission=false/true)
- Generate SSL key pairs:
- svc.generateKeyPair(appStripe='mft', name='mftDefaultStore', password='Welcome1', dn='cn=www.thesnventerprise.com', keysize='1024', alias='mftssl', keypassword='Welcome2')
- Exit WLST.
- Go to Admin console.
- Select Keystore
- Add Stripe and Name values as mentioned in the above commands.
- Enter the keystore password and Private Key Password in the respective fields and confirm the password by entering it again.
- Save changes.
- We need to generate a password-protected SSH keystore before we configure it in the console.
- To place files on the embedded SFTP server from a remote server, we need to create an SSH keystore and configure it in the MFT console.
- Use the following steps.
- Go to WLST path
- /mft/common/bin
- Start WLST and connect to the managed server.
- connect("weblogic","welcome1","t3://managed_server_host:PORT")
- We can generate the key using WLST command or through ssh-keygen
- generateKeys('SSH', 'Welcome1','/custom/path/ssh-pvt-keys.ppk')
- ssh-keygen -t rsa -b 2048 -f /custom/path/ssh-pvt-keys.ppk -N Welcome1
- Import the key
- importCSFKey('SSH', 'PRIVATE', 'mftssh', '/custom/path/ssh-pvt-keys.ppk')
- Output - CSF key imported successfully.
- This will generate an alias name called mftssh
- Exit WLST
- Go to Keystore
- Provide the SSH keystore password that was used in the generateKeys command.
- Use following steps to configure remote server to access Embedded SFTP server.
- Ask the remote server admin to generate an SSH key pair.
- Get the public key from the remote user.
- Add the public key to the MFT server's authorized_keys file.
- cat ~/.ssh/remote_pub_key.pub >> ~/.ssh/authorized_keys
- Import Public keys to MFT using WLST command.
- importCSFKey('SSH', 'PUBLIC', 'MFT_RM_USER', '/home/oracle/.ssh/authorized_keys')
- Note: Get the user name which the remote server will use to log in, and use that user name in the import command.
- Use this option to configure Embedded FTP and SFTP servers.
- Go to SFTP tab and add the following configurations
- Enable SFTP by ticking the Enabled flag
- Set the authentication Type as PUBLIC
- Host Key Alias: use the alias name that you used when generating the SSH keys in the steps above (mftssh).
- Configure the Ports and User access.
- Select the MFT_RM_USER user from the list.
- After making the changes, restart the embedded server.
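The step above that appends the remote user's public key to authorized_keys and imports it with importCSFKey trusts whatever file was received. The following is an added example, not part of the original page or of Oracle MFT: a stand-alone Python 3 check that parses the key line, rejects RSA keys below 2048 bits, and compares the SHA256 fingerprint with the one the remote admin confirmed out of band. The function names are hypothetical and the sample key is constructed.

```python
import base64
import hashlib

MIN_RSA_BITS = 2048  # same size as the ssh-keygen -b 2048 command on this page


def _read_string(blob, offset):
    """Read one length-prefixed SSH string (RFC 4251); return (value, next_offset)."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if len(blob) < offset + 4 or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def inspect_public_key(line):
    """Return (key_type, rsa_bits_or_None, fingerprint) for one OpenSSH .pub line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    inner_type, offset = _read_string(blob, 0)
    if inner_type != key_type.encode():
        raise ValueError("key type label does not match key blob")
    bits = None
    if key_type == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, _ = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    # Same layout as the fingerprint printed by 'ssh-keygen -l -f key.pub'
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, bits, fingerprint


def safe_to_authorize(line, expected_fingerprint):
    """True only for a strong key whose fingerprint matches the agreed one."""
    key_type, bits, fingerprint = inspect_public_key(line)
    strong = key_type != "ssh-rsa" or bits >= MIN_RSA_BITS
    return strong and fingerprint == expected_fingerprint


def make_sample_rsa_line(bits):
    """Constructed sample: well-formed ssh-rsa line with a made-up modulus (not a usable key)."""
    def ssh_string(data):
        return len(data).to_bytes(4, "big") + data
    n_bytes = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " remote_user@constructed"
```

Run the check on the received .pub file before the cat and importCSFKey steps, and append the key only when safe_to_authorize returns True.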
PGP Key Configurations:
- Go to WLST path
- Run the WLST command
- Connect to managed_server:port
- Run the following command to generate the PGP key pair.
- generateKeys('PGP', 'PGPWelcome1','/custom_path/PGP/Keys');
- importCSFKey('PGP', 'PUBLIC', 'Public_PGP', '/custom_path/PGP/Keys/pub.asc');
- importCSFKey('PGP', 'PRIVATE', 'Private_PGP', '/custom_path/PGP/Keys/secret.asc');
- Use the password which you provided in the generateKeys command and update the PGP keystore password in the admin console.
- You can use the PGP private key for PGP encryption.
Note: Content encrypted using the public key can only be decrypted by the associated private key, which is a secret known only to the possessing party.
MFT - Import SSL Certificates for Secured Connection.
- Get the certificate from target server
- Use the following command to get the certificate
- openssl s_client -connect hostname.com:21 -starttls ftp
- Copy the certificate including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
- Put the content in a .cer file.
- vi target_server_ssl_certficate.cer, press ESC+i, paste the certificate and save the file
- Go to MFT wlst command folder
- Sample - cd /u01/app/oracle/middleware/mft/common/bin
- Run WLST command - ./wlst.sh
- Connect to the WebLogic server.
- connect('weblogic','$password', 't3s://AdminServer:7002')
- Access OPSS Security Service
- svc=getOpssService(name='KeyStoreService')
- Import the certificate using following command
- svc.importKeyStoreCertificate(appStripe='mft',name='mftDefaultStore', password='$keyStorePassword',alias='$ALIAS_NAME',keypassword='$PasswordForNewCertificate',type='TrustedCertificate',filepath='$FilePath/File_Name.cer')
- exit()
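The certificate printed by openssl s_client is whatever the network path presented, so its fingerprint should be compared with one obtained from the target server's administrator before it is imported as a TrustedCertificate. The following is an added example, not part of the original page or of Oracle MFT: a stand-alone Python 3 helper that pulls the certificate block out of saved s_client output and returns the text for the .cer file only when the SHA-256 fingerprint matches. The function names are hypothetical and the sample transcript is constructed.

```python
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)


def extract_certificates(transcript):
    """Return the DER bytes of every certificate block found in s_client output."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_RE.findall(transcript)]


def sha256_fingerprint(der):
    """Colon-separated upper-case hex, as shown by 'openssl x509 -fingerprint -sha256'."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def certificate_to_import(transcript, pinned_fingerprint):
    """Return the PEM text for the .cer file, or raise if it must not be trusted."""
    certs = extract_certificates(transcript)
    if len(certs) != 1:
        raise ValueError("expected exactly one certificate, found %d" % len(certs))
    actual = sha256_fingerprint(certs[0])
    if actual != pinned_fingerprint.strip().upper():
        raise ValueError("fingerprint mismatch, got " + actual)
    return ssl.DER_cert_to_PEM_cert(certs[0])


def make_sample_transcript():
    """Constructed sample: s_client-style output around placeholder bytes (not a real certificate)."""
    der = b"constructed placeholder, not a real X.509 certificate" * 8
    text = ("CONNECTED(00000003)\n---\nServer certificate\n"
            + ssl.DER_cert_to_PEM_cert(der) + "subject=CN = hostname.com\n---\n")
    return text, der
```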
MFT - Import PRIVATE Keys:
- cd /u01/app/oracle/middleware/mft/common/bin
- ./wlst.sh
- connect("weblogic","password","t3://managed_server:port") (here $PORT is 9073)
- importCSFKey('SSH', 'PRIVATE', 'CLIENT_PRIVATE_KEY', '/u01/app/oracle/tools/home/oracle/CLIENT_AWS_SFTP_privatekey.ppk')
- CSF key imported successfully
- exit()
Error Scenario:
Traceback (innermost last):
File "<console>", line 1, in ?
NameError: svc
Solution: Make sure you have run the getOpssService command that sets the value of svc before using it.