BridgeGate Server

Configure the BridgeGate FTP Service to use SSL Encryption

28 views September 12, 2016 August 6, 2018 admin 0

BridgeGate FTP Service

If the BridgeGate Service is already installed, open the Services applet via the Microsoft Management Console.

If the BridgeGate service is not installed, obtain the installation files a follow the server installation instructions and install the BridgeGate TEI Server and the BridgeGate FTP Server.

Once the services are installed, use the BridgeGate portal to add users to be able to connect to the FTP server.

Configuring SSL for FTP

  • Stop the BridgeGate FTP Service
  • Modify the \bridgegate\bin\runFTPserver.bat file to reflect the following change on line 17
  • %BRIDGEGATE_ROOT%\java\bin\java -cp %CPATH% -server -DBRIDGEGATE_ROOT=%BRIDGEGATE_ROOT%/ com.oidev.ftp.server.ftpd
  • Save the file
  • Delete the file: \bridgegate\bin\DELETE_ME_TO_DISPLAY_FTP_SERVER_WINDOW.hide
  • Execute \bridgegate\bin\runFTPserver.bat
  • The FTP Server GUI should be presented.
  • Select File…Advanced Properties
  • Configure the appropriate settings on the Secure SSL tab
    ftp_ssl_config
  • Select OK
  • Select File…Quit
  • Start the BridgeGate FTP Service
  • Use openSSL to generate the cert request and key file.

Creating the SSL Certs

The following examples are what were used to create the SSL certs for test and prod environments. Change the highlighted elements as needed for each specific situation.

  • openssl req -new -newkey rsa:2048 -nodes -out hsntestedi_hsn_net.csr -keyout hsntestedi_hsn_net.key -subj “/C=US/ST=Florida/L=Petersburg/O=HSN/OU=IT/CN=hsntestedi.hsn.net”
  • openssl req -new -newkey rsa:2048 -nodes -out hsnedi_hsn_net.csr -keyout hsnedi_hsn_net.key -subj “/C=US/ST=Florida/L=Petersburg/O=HSN/OU=IT/CN=hsnedi.hsn.net”
  • openssl req -new -newkey rsa:keysize -nodes -out common_name.csr -keyout common_name.key -subj “/C=US/ST=State/L=City/O=Organization/OU=Department/CN=name”

The following site was used to generate the openSSL command line:

https://www.digicert.com/easy-csr/openssl.htm

ftp_ssl_cert

  • Two files are generated: common_name.key and common_name.csr.
  • Deliver the csr request to the Signing Authority, and a signed certificate file will be returned.
  • Use the BridgeGate Workbench to create a keystore or to modify the existing keystore.
  • Move the keystore file into place and modify the appropriate bridgegate cfg files to update the location and password of the new keystore.
  • Restart the BridgeGate Service and the workbench for the changes to take effect.
  • If you prefer the command line you can download a command line keytool.

Was this helpful?