- MFT configuration is done through the MFT console (mftconsole).
- Log in to mftconsole with the admin credentials.
- After login, select the Administration tab in the right corner.
- The following configurations are available:
- Payload Storage Directory
  - domain_dir/mft/storage
- Callout Directory
  - domain_dir/mft/callout
- Store inline Payload: File or DB type
- The number of processors can be selected for Source, Transfer and Target.
- Configure Control Directory
  - domain_dir/mft/contrl_dir
- Inbound datasource JNDI
- Outbound datasource JNDI
- Import/Export: use this section to import and export MFT artifacts.
- Keystore
  - MFT uses SSL and SSH keys to secure the embedded SFTP server.
  - Use this section to configure the SSL and SSH keys.
- Steps to configure SSL certificates:
- Go to the WLST command line path
  - /mft/common/bin
- Start WLST and connect:
  - connect("weblogic","welcome1","t3://localhost:7003")
- Access the Oracle Platform Security Services (OPSS) keystore service:
  - svc = getOpssService(name='KeyStoreService')
- Create an SSL keystore:
  - svc.createKeyStore(appStripe='<StripeName>', name='<StoreName>', password='<StorePassword>', permission=false/true)
  - Example: svc.createKeyStore(appStripe='mft', name='mftDefaultStore', password='Welcome1', permission=false/true)
- Generate the SSL key pair:
  - svc.generateKeyPair(appStripe='mft', name='mftDefaultStore', password='Welcome1', dn='cn=www.thesnventerprise.com', keysize='1024',alias='mftssl', keypassword='Welcome2')
  - The example uses keysize 1024; 2048 is the usual minimum for new RSA keys.
- Exit WLST.
- Go to the Admin console.
- Select Keystore.
- Enter the Stripe and Name values used in the commands above.
- Enter the keystore password and the private key password in the respective fields and confirm each by entering it again.
- Save the changes.
- A password-protected SSH keystore must be generated before it is configured in the console.
- To let a remote server place files on the embedded SFTP server, create an SSH keystore and configure it in the MFT console.
- Use the following steps.
- Go to the WLST path
  - /mft/common/bin
- Start WLST and connect:
  - connect("weblogic","welcome1","t3://managed_server_host:PORT")
- The key can be generated either with the WLST generateKeys command or with ssh-keygen:
  - generateKeys('SSH', 'Welcome1','/custom/path/ssh-pvt-keys.ppk')
  - ssh-keygen -t rsa -b 2048 -f /custom/path/ssh-pvt-keys.ppk -N Welcome1
- Import the key:
  - importCSFKey('SSH', 'PRIVATE', 'mftssh', '/custom/path/ssh-pvt-keys.ppk')
  - Output: CSF key imported successfully.
- This creates an alias named mftssh.
- Exit WLST.
- Go to Keystore in the Admin console.
- Provide the SSH keystore password that was used in the generateKeys command.
- Use the following steps to allow a remote server to access the embedded SFTP server.
- Ask the remote server admin to generate an SSH key pair.
- Get the public key from the remote user.
- Append the public key to the MFT server's authorized_keys file:
  - cat ~/.ssh/remote_pub_key.pub >> ~/.ssh/authorized_keys
- Import the public key into MFT using WLST:
  - importCSFKey('SSH', 'PUBLIC', 'MFT_RM_USER', '/home/oracle/.ssh/authorized_keys')
- Note: find out which user name the remote server will use to log in and use that user name as the alias in the import command.
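Added example (not from the original post and not Oracle's code): a Python checker for the two files the steps above hand to generateKeys/importCSFKey. It reports whether a private key file is password-protected (OpenSSH or legacy PEM armour) and validates an authorized_keys line before it is imported under the remote user's alias. The key material below is constructed inline and is not a real key.

```python
"""Sanity checks on SSH key files before generateKeys / importCSFKey."""
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _ssh_string(b):  # SSH wire 'string': uint32 length prefix + bytes
    return struct.pack(">I", len(b)) + b

def _read_string(buf, off):  # inverse of _ssh_string, returns (bytes, next offset)
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(pem_text):
    """Return (format, encrypted) for a PEM-armoured private key file."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        cipher, off = _read_string(blob, len(OPENSSH_MAGIC))  # ciphername
        kdf, _ = _read_string(blob, off)                       # kdfname
        return "openssh", cipher != b"none" and kdf != b"none"
    if lines[0] == "-----BEGIN RSA PRIVATE KEY-----":
        # legacy PEM marks encryption with a Proc-Type header right after BEGIN
        return "pem-rsa", "Proc-Type: 4,ENCRYPTED" in lines[1:3]
    raise ValueError("unrecognised private key armour: " + lines[0])

def check_authorized_key(line):
    """Validate one authorized_keys line and return its key type."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    inner, _ = _read_string(blob, 0)  # the blob repeats the key type first
    if inner != parts[0].encode():
        raise ValueError("declared %s but blob says %r" % (parts[0], inner))
    return parts[0]

def _armour(kind, payload):  # wrap bytes in PEM-style BEGIN/END lines
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----" % (kind, b64, kind)

# Constructed samples: only the header fields the checks read are meaningful.
ENCRYPTED_KEY = _armour("OPENSSH PRIVATE KEY",
    OPENSSH_MAGIC + _ssh_string(b"aes256-ctr") + _ssh_string(b"bcrypt"))
PLAINTEXT_KEY = _armour("OPENSSH PRIVATE KEY",
    OPENSSH_MAGIC + _ssh_string(b"none") + _ssh_string(b"none"))
AUTHORIZED_LINE = "ssh-rsa " + base64.b64encode(_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")).decode() + " remote@host"
```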
- Use this option to configure the embedded FTP and SFTP servers.
- Go to the SFTP tab and add the following configuration:
- Enable SFTP by ticking the Enabled flag.
- Set the authentication type to PUBLIC.
- Host Key Alias: use the alias created when generating the SSH keys in the steps above (mftssh).
- Configure the ports and user access.
- Select the MFT_RM_USER user from the list.
- After making the changes, restart the embedded server.
PGP Key Configurations :
- Go to the WLST path.
- Run the WLST command.
- Connect to managed_server:port.
- Run the following command to generate the PGP key pair, then import the public and private keys:
  - generateKeys('PGP', 'PGPWelcome1','/custom_path/PGP/Keys');
  - importCSFKey('PGP', 'PUBLIC', 'Public_PGP', '/custom_path/PGP/Keys/pub.asc');
  - importCSFKey('PGP', 'PRIVATE', 'Private_PGP', '/custom_path/PGP/Keys/secret.asc');
- Use the password given in the generateKeys command as the PGP keystore password in the admin console.
- You can use the PGP private key for PGP encryption.
Note: content encrypted with the public key can only be decrypted by the associated private key, which is a secret known only to its owner.
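Added example (not from the original post and not Oracle's code): before running importCSFKey('PGP', 'PUBLIC', ...) or importCSFKey('PGP', 'PRIVATE', ...), this Python helper confirms that the .asc file carries the armour type matching the PUBLIC/PRIVATE argument and that its radix-64 CRC24 checksum is intact, which catches a truncated or mis-pasted file. The armoured block is a constructed sample, not a real key.

```python
"""Check a PGP ASCII-armoured key file before importCSFKey('PGP', ...)."""
import base64

ARMOUR_KIND = {"PGP PUBLIC KEY BLOCK": "PUBLIC", "PGP PRIVATE KEY BLOCK": "PRIVATE"}

def crc24(data):
    """OpenPGP radix-64 checksum (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def classify_armoured_key(text):
    """Return 'PUBLIC' or 'PRIVATE' after verifying the armour markers and CRC."""
    lines = [l.rstrip() for l in text.strip().splitlines()]
    head = lines[0]
    if not (head.startswith("-----BEGIN ") and head.endswith("-----")):
        raise ValueError("not an ASCII-armoured block")
    kind = head[len("-----BEGIN "):-5]
    if kind not in ARMOUR_KIND:
        raise ValueError("unexpected armour type: " + kind)
    if lines[-1] != "-----END %s-----" % kind:
        raise ValueError("BEGIN/END markers do not match")
    body = lines[1:-1]
    # armour headers such as 'Version:' end at the first blank line
    if "" in body:
        body = body[body.index("") + 1:]
    if not body or not body[-1].startswith("="):
        raise ValueError("missing =CRC line")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    want = int.from_bytes(base64.b64decode(body[-1][1:]), "big")
    if crc24(data) != want:
        raise ValueError("CRC24 mismatch: armour is corrupt or truncated")
    return ARMOUR_KIND[kind]

def armour(kind, data):
    """Build an armoured block (used here only to make an offline sample)."""
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "-----BEGIN %s-----\nVersion: sample\n\n%s\n=%s\n-----END %s-----" % (
        kind, base64.b64encode(data).decode(), crc, kind)

# Constructed payload: not a real key packet, just bytes to exercise the checks.
SAMPLE_PUBLIC = armour("PGP PUBLIC KEY BLOCK", bytes(range(32)))
```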
MFT - Import SSL Certificates for Secured Connection.
- Get the certificate from the target server.
- Use the following command to retrieve it:
  - openssl s_client -connect hostname.com:21 -starttls ftp
- Copy the certificate including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
- Put the content in a .cer file:
  - vi target_server_ssl_certificate.cer, press i to insert, paste the certificate, then press ESC and save it.
- Go to the MFT WLST command folder.
  - Sample: cd /u01/app/oracle/middleware/mft/common/bin
- Run WLST: ./wlst.sh
- Connect to the WebLogic server:
  - connect('weblogic','$password', 't3s://AdminServer:7002')
- Access the OPSS keystore service:
  - svc=getOpssService(name='KeyStoreService')
- Import the certificate with the following command:
  - svc.importKeyStoreCertificate(appStripe='mft',name='mftDefaultStore', password='$keyStorePassword',alias='$ALIAS_NAME',keypassword='$PasswordForNewCertificate',type='TrustedCertificate',filepath='$FilePath/File_Name.cer')
- exit()
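Added example (not from the original post and not Oracle's code): Python that takes the saved openssl s_client output, extracts the PEM certificate block(s) to paste into the .cer file, checks that the armour decodes to DER, and prints the SHA-256 fingerprint so it can be compared with the value the target server's administrator publishes before the certificate is imported as TrustedCertificate. The s_client output and the DER bytes are constructed samples.

```python
"""Pull the target server's certificate out of captured openssl s_client output."""
import base64
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def extract_certificates(s_client_output):
    """Return every PEM certificate block, in order (leaf first with -showcerts)."""
    certs, buf, inside = [], [], False
    for line in s_client_output.splitlines():
        line = line.strip()
        if line == BEGIN:
            buf, inside = [line], True
        elif line == END and inside:
            buf.append(line)
            certs.append("\n".join(buf))
            inside = False
        elif inside:
            buf.append(line)
    if inside:
        raise ValueError("truncated certificate block: END marker missing")
    return certs

def der_bytes(pem_cert):
    """Decode the armour and check the result is a DER SEQUENCE (tag 0x30)."""
    der = base64.b64decode("".join(pem_cert.splitlines()[1:-1]), validate=True)
    if not der or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE; wrong paste?")
    return der

def sha256_fingerprint(pem_cert):
    """Colon-separated SHA-256 fingerprint, as openssl x509 -fingerprint -sha256 prints it."""
    digest = hashlib.sha256(der_bytes(pem_cert)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed sample of what s_client prints around the certificate. The DER is a
# toy SEQUENCE, not a real certificate, so the example runs offline.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_OUTPUT = "\n".join([
    "CONNECTED(00000003)", "depth=0 CN = ftp.example.invalid",
    BEGIN, base64.b64encode(SAMPLE_DER).decode(), END,
    "subject=CN = ftp.example.invalid", "SSL handshake has read 1234 bytes",
])

if __name__ == "__main__":
    leaf = extract_certificates(SAMPLE_OUTPUT)[0]  # this block goes into the .cer file
    print(sha256_fingerprint(leaf))  # compare with the fingerprint the target admin gives you
```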
MFT - Import PRIVATE Keys:
- cd /u01/app/oracle/middleware/mft/common/bin
- ./wlst.sh
- connect("weblogic","password","t3://managed_server:port") (the managed server port is 9073 in this example)
- importCSFKey('SSH', 'PRIVATE', 'CLIENT_PRIVATE_KEY', '/u01/app/oracle/tools/home/oracle/CLIENT_AWS_SFTP_privatekey.ppk')
- Output: CSF key imported successfully
- exit()
Error Scenario:
Traceback (innermost last):
File "<console>", line 1, in ?
NameError: svc
Solution: make sure the command that sets svc (svc=getOpssService(name='KeyStoreService')) has been run in the same WLST session before calling svc.importKeyStoreCertificate.
Comments:
- Thanks and very useful information
- thanks for your tutorial any help always get
- 'mftssh', Key details not available, invalid private key.
  regards