Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
Ask a Question

The server's certificate chain is too long exception

0 votes
3.8k views
in Java FTP by (240 points)
I am trying to transfer file with edtftpj-pro using FTPSWithClientServerValidation. When I tried to connect to the other server, I am getting the following exception. Could you please help me resolve the problem. Please let me know in case more input is required. Thanks!

Switching to FTPS (explicit mode)
ERROR [SSLFTPClient] 21 Feb 2007 09:24:58.593 : Error while verifying server certificate : The server's certificate chain is too long
com.enterprisedt.net.ftp.ssl.SSLFTPException: The server's certificate chain is too long
at com.enterprisedt.net.ftp.ssl.SSLFTPStandardValidator.validateServerCertificate(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient$2.acceptPeerCertificate(Unknown Source)
at com.enterprisedt.net.puretls.n.B(Unknown Source)
at com.enterprisedt.net.puretls.Z.B(Unknown Source)
at com.enterprisedt.net.puretls.n.E(Unknown Source)
at com.enterprisedt.net.puretls.i.G(Unknown Source)
at com.enterprisedt.net.puretls.SSLSocket.handshake(Unknown Source)
at com.enterprisedt.net.ftp.ssl.B.E(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.auth(Unknown Source)
at UseFTPSWithClientServerValidation.main(UseFTPSWithClientServerValidation.java:90)

3 Answers

0 votes
by (51.6k points)
The default maximum certificate length is 2. This may be changed by setting 
SSLFTPStandardValidator.MAX_CERTIFICATE_CHAIN_LENGTH

Try setting it to 3 or 4.

Please let us know if this does not solve the problem.

- Hans (EDT)
0 votes
by (240 points)
Thanks Hans. I changed the max length to 4 and it worked fine. Could you please let me know what might be the problem? Is it because the certificate chain length will be more than 2? Because I had run the same program with the same certificate and it went through successfully. Thanks!
0 votes
by (51.6k points)
Yes, the server must be sending a certificate chain containing three or more certificates. Is this not consistent with what you're expecting?

You can retrieve the certificate directly from the server using the SSLFTPClient.getServerCertificate method. You can then save this to a file and inspect it using a text editor. You should be able to see how many certificates are in it. You can also use the methods of SSLFTPCertificate to inspect the content of the certificates if you like.

- Hans (EDT)

Categories

EnterpriseDT 2020
...