• Home
  • /
  • Anybody using Cloverleaf for EDI with secure FTP?

Anybody using Cloverleaf for EDI with secure FTP?

Homepage Clovertech Forums Read Only Archives Cloverleaf Cloverleaf Anybody using Cloverleaf for EDI with secure FTP?

  • Creator
    Topic
  • July 29, 2010 at 1:04 pm #51902
    Ken Seachrist
    Participant

    I would like to know if anybody is using Cloverleaf for EDI transactions and sending them using secure FTP.  Are you using it by choice, or were you “forced” into it?  Were there any issues that you had to work around?

    Thanks ahead of time for any information you can share!

  • Creator
    Topic
Viewing 3 reply threads
  • Author
    Replies
    • July 29, 2010 at 3:10 pm #72198
      Jim Kosloskey
      Participant

      Ken,

      Is this SFTP or FTPS (they are  different but are sometimes both called ‘secure FTP’)?

      If it is FTPS, then yes I have – you will need the additional cost secure socket add-on for Cloverleaf to use SSL (which is for FTPS).

      We did not have any choice it was outside the 4 walls and that is what the trading partner wanted.

      I believe Cloverleaf 5.8 also supports SFTP but am unsure of the need for the Secure Sockets add-on.

      However, you could always write your own Tcl code (as a UPOC protocol I suppose) and deploy the tclCurl package that is there in 5.6 and later.

      email: jim.kosloskey@jim-kosloskey.com 29+ years Cloverleaf, 59 years IT - old fart.

    • July 29, 2010 at 3:18 pm #72199
      Mark Thompson
      Participant

      Ken,

      We are delivering a file using sftp because that is the only way the vendor would accept it.  It required custom Tcl code in 5.7.  I understand sftp is a supported protocol in 5.8, and plan to use that after our next upgrade.

      - Mark Thompson
      HealthPartners

    • July 29, 2010 at 6:55 pm #72200
      Russ Ross
      Participant

      Ken:

      I wrote an expect script to SFTP/put a file from our Cloverleaf server to a vendor (TeleVox) outside our firewall and it has worked just fine.

      I already have a clovertech post from before showing the script and how I call it at this URL:

      http://clovertech.infor.com/viewtopic.php?t=2659

      Plain old FTP is no longer endorsed by our security department and they have choosen SSH/SFTP as the desired replacement.

      A downfall I have run into with SFTP is that when the server fails over and now has a different SSH-key on the new active node you have to update your known_hosts file with the new entry.

      You can add multiple entries in the known_host file for the same IP/hostname to help with this.

      Unfortunately, the SSH-kesy on the current known_hosts will change sometimes with various OS patches that impact SSH and your knonw_hosts entires will have to be updated everytime the SSH key changes on one of the foriegn SSH/SFTP servers that you log into.

      Russ Ross
      RussRoss318@gmail.com

    • July 29, 2010 at 7:38 pm #72201
      David Barr
      Participant

      Russ Ross wrote:

      … your knonw_hosts entires will have to be updated everytime the SSH key changes on one of the foriegn SSH/SFTP servers that you log into.

      This is a security feature.  It prevents someone from setting up another server that mimics a real server and tricks people into logging in to the wrong server (possibly through DNS attacks).

      FTPS addresses this issue by using SSL certificates that are signed by a CA, but enough people are using self-signed certificates for their servers that is common to ignore CA signature errors altogether.

  • Author
    Replies
Viewing 3 reply threads
  • The forum ‘Cloverleaf’ is closed to new topics and replies.

Forum Statistics

Registered Users
5,129
Forums
28
Topics
9,301
Replies
34,447
Topic Tags
288
Empty Topic Tags
10