We need to configure a secured FTP connection to ALM
« Back
Tags:
Question ID: 107661
0
0

Our internal Security team has found a vulnerability on one of our 12.53 QC instances. The remote FTP server allows the user's name and password to be transmitted in clear text, and there is a concern that the user's credentials may be intercepted by a network sniffer or a man-in-the-middle attack. How can we configure our FTP server so that it uses a secure connection to ALM?

Marked as spam
Posted by (Questions: 239, Answers: 31)
Asked on May 16, 2017 5:21 pm
102 views
Answers (1)
0
Private answer

To enable a secure FTP connection:

- On the ALM server machine, generate a keystore file. Using the command line, go to C:Program FilesHPHP Application LifeCycle Management javabin. Type keytool-genkey-keystore keystore.jks to run the keystore utility, then follow the instructions.
- Create an XML file, using the following format:

``
`'' password=''''/>`
``

Where 'keystore file path' is the directory and file name of the keystore file, and 'keystore password' is the password you defined for the keystore.

- Save the XML file as sslkeystore.xml.
- Place the sslkeystore.xml file in the following directory: C:ProgramDataHPALMwebappsqcbin.
- Restart the FTP server by restarting the ALM service, or reconfiguring the FTP_PORT site parameter.
- In the FTP client, select the FTPS or SSL option. If you are using FileZilla, go to File > Site Manager and click New Site. For Protocol, select FTP-File Transfer Protocol, and for Encryption, select Require implicit FTP over TLS, and click connect.

Marked as spam
Posted by (Questions: 2, Answers: 300)
Answered on May 16, 2017 5:39 pm
« Back
EyeOnTesting

Welcome back to "EyeOnTesting" brought to you by Orasi Software, Inc.

Got it!
X
Scroll to Top