Configuring Additional Settings for a Listener
You can configure additional settings for a listener based on the protocol (FTP, SFTP, HTTP, or HTTPS) used by the listener.
To configure additional settings:
1. On the navigation pane, select Listeners.
2. On the Listeners page, from the Instance list, select the ActiveTransfer Server or an ActiveTransfer Gateway instance.
3. Click on the listener for which you want to configure additional settings and specify the required details:
* For a listener using FTP or FTPS protocol:
Field
Description
Activate listener
Select this option to activate and run the listener in all the ActiveTransfer instances.
Bindings
Name
Type a unique name for the listener.
Host
Type a host name or IP address. localhost is the default.
Note:
A listener created with localhost as the host will be accessible through all the IPs assigned to the host machine.
Port
Type a unique port number.
Note:
Make sure that the port you specify is not used by any application, including the default ports used for ActiveTransfer Server and ActiveTransfer Gateway (2080 and 8500, respectively).
Share this information with the user through email
Select this option if you want to mention that this port number is used along with the other listener information, such as listener name, host, port, protocol, creation of a new user account, modification to the credentials or server connection details for a user, or permissions granted to folders, in the email shared with the user.
Support single sign-on
Select this option if you want to enable SSO for this listener.
For more information about configuring SSO, see Configuring Single Sign-On for ActiveTransfer Web Client. Also, to understand how client certificate authentication affects this field, see the description of Require valid client certificate and password.
Access
Passive port range
Type the From and To range of port numbers that can be used for passive port connections.
Passive IP address
Do one of the following:
* If you want ActiveTransfer Server to automatically assign the IP address or host name of the server based on the listener configuration, type Auto.
* If you want to provide a specific IP address manually, type the IP address to use for the passive IP address.
Welcome message
Type a welcome message for display in the client console (for example, ActiveTransfer web client, FileZilla client, and so on) when a user logs in.
Router/Firewall aware
Select this option if the incoming client connections are routed through a router or firewall that is FTP-aware. FTP-aware routers and firewalls inspect the FTP command and response, and might modify the response.
It is possible that a client cannot connect to ActiveTransfer Server or transfer files even when a listener is active. This happens when either a firewall exists between the client and the server or the virtual private network the client uses has altered the IP address given to ActiveTransfer Server.
Note:
Check your firewall configuration before selecting this option.
SSL options
Activate
Select this option to activate SSL encryption.
Keystore location
Type the path or browse to the location of the keystore file. ActiveTransfer Server loads the truststore file from the keystore file path, <Keystore-File-Path>_trust. For example, C://keystore/key for Windows and /usr/keystore/key for UNIX.
Note:
This keystore file overrides any global SSL encryption settings that apply to all listeners on the server.
Keystore password
Type the keystore password.
Private key password
Type the private key password.
Require valid client certificate
Select this option if you want to allow connections for clients with a valid client certificate.
When this option is selected, ActiveTransfer Server expects the clients requesting a server connection to present a valid certificate. The certificate should match one of the certificates stored in the truststore.
For details on how to map client certificates to users, see the "User Certificate Mapping" section in the document.
When establishing a connection with the server, ActiveTransfer validates only the client certificate, not the password.
Tip:
To store valid certificates:
1. Create a truststore file in the same location as the keystore file named keystoreName_trust. For example, if the keystore file name is server_ks.jks, the truststore file name should be server_ks.jks_trust.
2. Add the valid client certificates to this truststore.
Require valid client certificate and password
Select this option if you want ActiveTransfer to validate both the client certificate and the password when establishing a connection with the server.
Encryption
Explicit SSL
Select this option to enable support for explicit SSL for use in encryption mode (FTPES).
Select the Require encryption option to force the client to use the data transfer encryption mode while connecting to an FTP server. In this mode, the client cannot switch off the channel encryption.
Implicit SSL
Select this option to enable support for implicit SSL for use in encryption mode (FTPS). SSL is used on all the clients in each session.
Protocols
Select one or more of the following supported protocols for explicit SSL or implicit SSL encryption modes:
* TLSv1.2
* TLSv1.1
* TLSv1.0
* SSLv3
Note:
In JDK 8u31, JDK 7u75, JDK 6u91, and later versions, SSLv3 is disabled by default. To use SSLv3, you must manually enable SSLv3 in the JVM.
Priority options
Command delay interval (in ms)
Type the command delay interval in milliseconds to add a pause between each command in order to slow down clients that continually access the server.
* For a listener using SFTP protocol:
Field
Description
Activate listener
Select this option to activate and run the listener in all the ActiveTransfer instances.
Bindings
Name
Type a unique name for the listener.
Host
Type a host name or IP address. localhost is the default.
Note:
A listener created with localhost as the host will be accessible through all the IPs assigned to the host machine.
Port
Type a unique port number.
Note:
Make sure that the port you specify is not used by any application, including the default ports used for ActiveTransfer Server and ActiveTransfer Gateway (2080 and 8500, respectively).
Share this information with the user through email
Select this option if you want to mention that this port number is used along with the other listener information, such as listener name, host, port, protocol, creation of a new user account, modification to the credentials or server connection details for a user, or permissions granted to folders, in the email shared with the user.
SSH: Server host keys
Note:
When RSA/DSA host keys are configured and not found in the file system, ActiveTransfer generates the RSA/DSA host keys (private keys) in the specified location. If only the file name is mentioned, then ActiveTransfer generates the private keys in the default location, Installation_directory\IntegrationServer\instances\default.
RSA
Select Active to enable RSA encryption, and type the file name or browse to the location of the file containing the key for the RSA algorithm.
Password
Type the password to access the RSA key, if required.
DSA
Select Active to enable DSA encryption, and type the file name or browse to the location of the file containing the key for the DSA algorithm.
Password
Type the password to access the DSA key, if required.
SSH: Authentication
Require password authentication
Select this option if you want to make password authentication mandatory for a user.
Require public key authentication
Select this option if you require a certificate or public key when a secure connection is established with a partner. Whether password-based authentication is mandatory or not, authentication of a connection established with a partner is done with the public key.
SSH: Supported ciphers
Select the required ciphers from the list.
SSH: Supported MAC
Select the supported keyed-hash message authentication codes (HMACs) for verification of data integrity from the list.
SSH: Connection settings
Use asynchronous threading
Select this option if you want to use asynchronous threading to enable multiple file transfers to run concurrently.
Idle timeout (sec)
Type a timeout value in seconds for disconnecting an idle connection.
Priority options
Command delay interval (ms)
Type a command delay interval in milliseconds to add a pause between each command in order to slow down clients that continually access the server.
* For a listener using HTTP or HTTPS protocol:
Field
Description
Activate listener
Select this option to activate and run the listener in all the ActiveTransfer instances.
Bindings
Name
Type a unique name for the listener.
Host
Type a host name or IP address. localhost is the default.
Note:
A listener created with localhost as the host will be accessible through all the IPs assigned to the host machine.
Port
Type a unique port number.
Note:
Make sure that the port you specify is not used by any application, including the default ports used for ActiveTransfer Server and ActiveTransfer Gateway (2080 and 8500, respectively).
Share this information with the user through email
Select this option if you want to mention that this port number is used along with the other listener information, such as listener name, host, port, protocol, creation of a new user account, modification to the credentials or server connection details for a user, or permissions granted to folders, in the email shared with the user.
Support single sign-on
Select this option if you want to enable SSO for this listener.
For more information about configuring SSO, see Configuring Single Sign-On for ActiveTransfer Web Client. Also, to understand how client certificate authentication affects this field, see the description of Require valid client certificate and password.
SSL options
Keystore location
Type or browse to the path to the keystore file. ActiveTransfer Server loads the truststore file from the keystore file path, <Keystore-File-Path>_trust. For example, C://keystore/key for Windows and /usr/keystore/key for UNIX.
Note:
This keystore file overrides any global SSL encryption settings that apply to all listeners on the server.
Keystore password
Type the keystore password.
Private key password
Type the private key password.
Require valid client certificate
Select this option if you want to allow connections for clients with a valid client certificate.
When this option is selected, ActiveTransfer Server expects the clients requesting a server connection to present a valid certificate. The certificate should match one of the certificates stored in the truststore.
For details on how to map client certificates to users, see the "User Certificate Mapping" section in the document.
When establishing a connection with the server, ActiveTransfer validates only the client certificate, not the password.
Tip:
To store valid certificates:
1. Create a truststore file in the same location as the keystore file named keystoreName_trust. For example, if the keystore file name is server_ks.jks, the truststore file name should be server_ks.jks_trust.
2. Add the valid client certificates to this truststore.
Require valid client certificate and password
Select this option if you want ActiveTransfer to validate both the client certificate and the password when establishing a connection with the server.
Additionally, when you select this option, ActiveTransfer clears the selection of Support single sign-on because SSO authentication is dependent on the identity provider and not client certificates.
Protocols
Select one or more of the following supported protocols for explicit SSL or implicit SSL encryption modes:
* TLSv1.2
* TLSv1.1
* TLSv1.0
* SSLv3
Note:
In JDK 8u31, JDK 7u75, JDK 6u91, and later versions, SSLv3 is disabled by default. To use SSLv3, you must manually enable SSLv3 in the JVM.
Priority options
Command delay interval (ms)
Type a command delay interval in milliseconds to add a pause between each command in order to slow down clients that continually access the server.
4. Click Save or Save & Close.
The ActiveTransfer Server or ActiveTransfer Gateway instance is updated with the additional settings.
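The "To store valid certificates" tip under SSL options (for both the FTP/FTPS and the HTTP/HTTPS listeners), as an added shell example that is not part of the ActiveTransfer documentation: it derives the truststore name from the keystore path, imports a client certificate with the JDK keytool, and lists any truststore entry that is not a certificate. The TRUST_PASS variable, the alias, and the file names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Assumes the JDK keytool is on PATH.
# The truststore password is read from the exported environment variable
# TRUST_PASS (a name chosen for this example), so it never appears in the
# process list. The store type is keytool's default; add -storetype if your
# server expects a different one.

# ActiveTransfer loads the truststore from <keystore path>_trust.
truststore_path() {
  printf '%s_trust\n' "$1"
}

# Import one client certificate; keytool creates the truststore if missing.
# usage: import_client_cert <keystore path> <alias> <certificate file>
import_client_cert() {
  keytool -importcert -noprompt -alias "$2" -file "$3" \
          -keystore "$(truststore_path "$1")" -storepass:env TRUST_PASS
}

# Read `keytool -list` output on stdin and print the alias of every entry
# that is not a trusted certificate. A truststore should hold only the
# client certificates that are allowed to connect.
unexpected_entries() {
  awk -F', ' '/(PrivateKeyEntry|SecretKeyEntry)/ { print $1 }'
}

# usage: audit_truststore <keystore path>
audit_truststore() {
  keytool -list -keystore "$(truststore_path "$1")" \
          -storepass:env TRUST_PASS | unexpected_entries
}

# Constructed sample of `keytool -list` output, used to exercise the parser.
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

partner-a, Jan 5, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>
server, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed placeholder>'

# Runs only when called with three arguments, for example:
#   TRUST_PASS=... ./truststore.sh server_ks.jks partner-a partner-a.crt
if [ "$#" -eq 3 ]; then
  import_client_cert "$1" "$2" "$3" && audit_truststore "$1"
fi
```

An empty result from audit_truststore means the truststore contains only certificate entries.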