Setup


The prerequisite for using the OFTP2 module is a working network connection (TCP/IP) to the other side. At least one side must have a fixed IP address or a host name. On this basis, OFTP2 establishes an encrypted TLS connection to the partner. A connection from OFTP2 to OFTP/TCP is not possible! !MC5 supports TLS versions 1.0 to 1.3. Since TLS 1.0 and TLS 1.1 are no longer considered sufficiently secure, it is recommended to use only TLS 1.2 and TLS 1.3. Whether this is possible depends on the OFTP software used by your partners.

 

Make sure that the system running !MC5 is reachable from outside your local network via port 6619 (routing and firewalls have to be adapted accordingly). For outgoing connections, port 6619 is generally used as well (firewalls have to be adapted accordingly). For an overview of the network settings required by !MC5, modules and add-ons, see Introduction / Installation and Setup / Network Settings and Required Ports.

 

For a successful connection to your partner, you must have entered your own Odette identifier in advance. Further instructions are available in the chapter about OFTP / OFTP2.

 

Both parties should have a valid digital certificate. Clarify with your partner whether the certificates must be self-signed or signed by an (official) certification authority (e.g. Odette). For incoming connections to be accepted, a separate certificate must be set in !MC5. For outgoing connections, one may be required. Partner certificates must be stored in the partner database of !MC5 for outgoing connections to the respective partner, and for incoming connections if the option Request certificate from clients is enabled in the settings.

 

To import your own certificate, proceed as follows:

1 Start !MC5 and select Settings / OFTP2 / Security.


2 Under TLS/OFTP2 Certificates, click the Add certificate button.


3 You now have the choice between different methods to select or create a certificate. Which one you have to choose depends on whether you already have a suitable certificate or have to create one first. If you already have a certificate, you can import it from a file or select it from the Windows Certificate Store. For the latter, the certificate must be stored in your personal Windows Certificate Store! If you do not have a certificate yet, then you can create a self-signed certificate. Select the appropriate import method and follow the instructions of the certificate wizard.

Certificate must have private key

Own certificates must always be imported together with their private key. If the certificate is imported from a file, it must be a file with the extension .pfx, and you will be asked for the file's password during the import. If you are using a certificate from the Odette organization (applied for via https://www.odettesecure.com), you can find information on how to create a PFX file from the downloaded files in the Odette help: https://www.odette.org/repository/odettesecure_digital_certs_help.pdf


4 Once you have successfully selected a certificate, select the intended uses for the certificate. OFTP2 functions can only be used if a certificate is specified for the respective purpose. A certificate for TLS authentication is mandatory for OFTP2. In many cases, a single certificate is used for all purposes. In this case, activate all options. After selecting the purposes, you can change the date and time from which the certificate should be used (the certificate's valid-from date/time is set as the default) and then complete the wizard by clicking Finish.


5 Now apply the new settings with a click on Save changes. !MC5 is now ready to accept and establish connections via the OFTP2 module.

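A pre-import check for steps 3 and 4, as an added example that is not part of the !MC5 documentation: the PowerShell below lists the certificates in the personal store and, optionally, opens a .pfx file, and reports for each whether it carries a private key and is currently within its validity period. It assumes that the personal Windows Certificate Store means Cert:\CurrentUser\My and Cert:\LocalMachine\My; the parameter $PfxPath and the function Get-CertReadiness are names chosen for illustration.

```powershell
# Added example, not part of !MC5: checks to run before importing an own certificate.
param(
    [string]$PfxPath   # optional path to a .pfx file (illustrative parameter)
)

function Get-CertReadiness {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Source
    )
    $now = Get-Date
    [pscustomobject]@{
        Source        = $Source
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        # Heuristic only: subject equal to issuer usually means self-signed.
        SelfIssued    = ($Cert.Subject -eq $Cert.Issuer)
        # Own certificates must carry their private key.
        HasPrivateKey = $Cert.HasPrivateKey
        NotBefore     = $Cert.NotBefore
        NotAfter      = $Cert.NotAfter
        ValidNow      = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
    }
}

# Assumption: "personal Windows Certificate Store" maps to the "My" store
# of the current user and of the local machine.
$results = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        ForEach-Object { Get-CertReadiness -Cert $_ -Source $store }
}

if ($PfxPath) {
    # The PFX password is prompted for, so it never lands in the command history.
    $password = Read-Host -Prompt "Password for $PfxPath" -AsSecureString
    $full = (Resolve-Path -LiteralPath $PfxPath).Path
    $pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full, $password)
    try     { $results = @($results) + (Get-CertReadiness -Cert $pfx -Source $full) }
    finally { $pfx.Dispose() }
}

$results | Sort-Object Source, NotAfter | Format-Table -AutoSize -Wrap
```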