Anybody using Cloverleaf for EDI with secure FTP?


  • #51902
    Ken Seachrist
    Participant

      I would like to know if anybody is using Cloverleaf for EDI transactions and sending them using secure FTP.  Are you using it by choice, or were you “forced” into it?  Were there any issues that you had to work around?

      Thanks ahead of time for any information you can share!

      • #72198
        Jim Kosloskey
        Participant

          Ken,

          Is this SFTP or FTPS (they are different but are sometimes both called ‘secure FTP’)?

          If it is FTPS, then yes I have – you will need the additional cost secure socket add-on for Cloverleaf to use SSL (which is for FTPS).

          We did not have any choice; it was outside the 4 walls and that is what the trading partner wanted.

          I believe Cloverleaf 5.8 also supports SFTP but am unsure of the need for the Secure Sockets add-on.

          However, you could always write your own Tcl code (as a UPOC protocol I suppose) and deploy the tclCurl package that is there in 5.6 and later.

          email: jim.kosloskey@jim-kosloskey.com 29+ years Cloverleaf, 59 years IT - old fart.

        • #72199
          Mark Thompson
          Participant

            Ken,

            We are delivering a file using sftp because that is the only way the vendor would accept it.  It required custom Tcl code in 5.7.  I understand sftp is a supported protocol in 5.8, and plan to use that after our next upgrade.

            - Mark Thompson
            HealthPartners

          • #72200
            Russ Ross
            Participant

              Ken:

              I wrote an expect script to SFTP/put a file from our Cloverleaf server to a vendor (TeleVox) outside our firewall and it has worked just fine.

              I already have a clovertech post from before showing the script and how I call it at this URL:

              https://usspvlclovertch2.infor.com/viewtopic.php?t=2659

              Plain old FTP is no longer endorsed by our security department and they have chosen SSH/SFTP as the desired replacement.

              A downfall I have run into with SFTP is that when the server fails over and now has a different SSH-key on the new active node you have to update your known_hosts file with the new entry.

              You can add multiple entries in the known_hosts file for the same IP/hostname to help with this.

              Unfortunately, the SSH keys in the current known_hosts will change sometimes with various OS patches that impact SSH, and your known_hosts entries will have to be updated every time the SSH key changes on one of the foreign SSH/SFTP servers that you log into.

              Russ Ross
              RussRoss318@gmail.com

            • #72201
              David Barr
              Participant

                Russ Ross wrote:

                … your known_hosts entries will have to be updated every time the SSH key changes on one of the foreign SSH/SFTP servers that you log into.

                This is a security feature.  It prevents someone from setting up another server that mimics a real server and tricks people into logging in to the wrong server (possibly through DNS attacks).

                FTPS addresses this issue by using SSL certificates that are signed by a CA, but enough people are using self-signed certificates for their servers that it is common to ignore CA signature errors altogether.
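
The known_hosts behaviour Russ Ross and David Barr describe above, as an added example that is not part of any post in the thread: a host can carry several entries (one per failover node), and a presented key that matches none of them is reported as changed rather than accepted. The host names, addresses and keys are constructed, and the parser assumes plain or hashed host fields without wildcard patterns.

```python
import base64, hashlib, hmac

def fingerprint(b64_key):
    """SHA256 fingerprint in the form OpenSSH prints (base64, no padding)."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hashed_name(host, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Match a host field: hashed form or comma-separated names (no wildcards)."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hashed_name(host, salt))
    return host in field.split(",")

def check_host_key(known_hosts_text, host, key_type, b64_key):
    """Return 'match', 'changed' (host listed, key differs) or 'unknown'."""
    listed = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, malformed lines and @cert-authority/@revoked markers.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if fields[1] == key_type and host_matches(fields[0], host):
            listed = True
            if fields[2] == b64_key:
                return "match"
    return "changed" if listed else "unknown"

def sample_key(seed):
    """Constructed ed25519-shaped public key blob; not a real server key."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(blob).decode()

# Constructed sample: the vendor names are hypothetical; one entry per failover node.
NODE_A, NODE_B, OTHER = (sample_key(s) for s in (b"node-a", b"node-b", b"other"))
KNOWN_HOSTS = "\n".join([
    "# two entries for the same name, plus a hashed entry for a second host",
    "sftp.vendor.example,192.0.2.10 ssh-ed25519 " + NODE_A,
    "sftp.vendor.example,192.0.2.10 ssh-ed25519 " + NODE_B,
    hashed_name("backup.vendor.example", b"constructed-salt-20b") + " ssh-ed25519 " + NODE_A,
])

if __name__ == "__main__":
    for name, key in [("node A", NODE_A), ("node B", NODE_B), ("unlisted key", OTHER)]:
        print(name, fingerprint(key), check_host_key(KNOWN_HOSTS, "sftp.vendor.example", "ssh-ed25519", key))
```

A "changed" result is the case to confirm with the vendor out of band, comparing the printed fingerprint with the one they publish, before adding a new entry.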
