FTP SSL needs to use AUTH TLS
search cancel

FTP SSL needs to use AUTH TLS

book

Article ID: 45610

calendar_today

Updated On:

Products

Workload Automation Agent

Issue/Introduction

FTP jobs began to fail after a change in security policy was introduced. The change was to enforce secure connections to the SSL server using AUTH TLS. The following message is displayed in the job log:

534 Server requires authentication before USER command

 

 

 

 

Environment

Component: Workload Automation-Agent 

Release: Any

Cause

Change in internal security policy now enforces secure connections to SSL server using AUTH TLS. 

 

Resolution

Review and follow the documented procedures for Configuring SSL FTP. Once this has been completed, you may proceed to the following steps.

  1. Add the following parameters to the agentparm.txt file.
  • ftp.client.ssl=true
  • ftp.client.ssl.truststore=<as appropriate>
  • ftp.client.ssl.truststore.password=<as appropriate>
  • ftp.client.ssl.start_with_ssl_session=true  (This setting should force the 'AUTH TLS' to be sent.)
  • ftp.client.ssl.accept_new_ca=true (This setting will import the certificate into the agent keystore)
  1. Restart the agent.
  2. Run the FTP job.
  3. After the job completes, as we only need to import the certificate once, edit the agentparm.txt file and change the ftp.client.ssl.accept_new_ca setting to false. 
  • ftp.client.ssl.accept_new_ca=false
  1. Restart the agent.

The agent should now be configured for AUTH TLS authentication.