none
BizTalk 2016 Enterprise native FTP Adapter functionality like (nsoftware.BizTalk.FTP.SSLAcceptServerCertAcceptAny)

    Question

  • Hi,

    We have a number of BizTalk solutions which currently use n/software BizTalk Adapter's. (BizTalk 2009)  As part of a uplift, we are investigating moving to the native FTP adapter.  The solution(s) uses dynamically configured FTP/S ports.

    The property nsoftware.BizTalk.FTP.SSLAcceptServerCertAcceptAny is a part of the nsoftware FTP implementation.  It allows the n/software FTP adapter implementation to accept server certificate presented.  

    Based on my current testing, there do not appear to be similar functionality in the native FTP adapter.  The native FTP adapter appears to require a certificate (for each FTPS site) stored in the certificate store of the account under which the BizTalk host instance runs.

    Just looking for confirmation of my current understanding of the native FTP adapter in BizTalk 2016.

    Thanks,

    Willjr20


    Tuesday, March 21, 2017 1:45 AM

Answers

  • This is true that SSLAcceptServerCertAcceptAny is not present in native FTP.

    However this setting is not recommended in production setup even by nsoftware.

    Having said that, there are still many advanced features in nsoftware adapter pack that is not available yet in native FTP or SFTP adpaters. Evaluate the needs before moving away :) 


    Pi_xel_xar

    Blog: My Blog

    BizTalkApplicationDeploymentTool: BizTalk Application Deployment Tool/

    Tuesday, March 21, 2017 7:11 AM
    Answerer
  • For clarity, the FTP(S) Adapter simply follows all the TLS/SSL rules.

    If the target site uses a publicly issued cert, it's no problem. If they issued their own cert, yes, you need to configure the certs locally just as you would an http site.

    Realistically, the n/software property is the outlier.

    Tuesday, March 21, 2017 11:52 AM
    Moderator

All replies

  • This is true that SSLAcceptServerCertAcceptAny is not present in native FTP.

    However this setting is not recommended in production setup even by nsoftware.

    Having said that, there are still many advanced features in nsoftware adapter pack that is not available yet in native FTP or SFTP adpaters. Evaluate the needs before moving away :) 


    Pi_xel_xar

    Blog: My Blog

    BizTalkApplicationDeploymentTool: BizTalk Application Deployment Tool/

    Tuesday, March 21, 2017 7:11 AM
    Answerer
  • For clarity, the FTP(S) Adapter simply follows all the TLS/SSL rules.

    If the target site uses a publicly issued cert, it's no problem. If they issued their own cert, yes, you need to configure the certs locally just as you would an http site.

    Realistically, the n/software property is the outlier.

    Tuesday, March 21, 2017 11:52 AM
    Moderator
  • Hi,

    Thanks for the reply(s).  I agree with your statements.  The current implementation of the solution uses the n/software adapter property.  I plan on remove this and get all of the required certificates/certificate chains and adding them to the installation process.  It's my opinion that it exposes a potential security issue.  So I could understand n/software not recommending this configuration for a production environment.

    Thanks,

    William

    Tuesday, March 21, 2017 2:49 PM