Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
0 votes
24.1k views
in Java FTP by (1.1k points)
Hello,

I don't understand well FTP SSL. I'm using Filezilla server, auto-signed certificat generated by Filezilla. I read documentation (How to) of edtFTPj/PRO, but it's defintily not enough for newbie in the world of SSL.

Can help me to find an example ?

Best regards

34 Answers

0 votes
by (162k points)
Why are you using port 990?
0 votes
by (1.1k points)
It's the default FTPS port.
0 votes
by (162k points)
No, it's not. The default port is 21. The 990 port is the default port for implicit mode FTPS, which is a much older redundant protocol that should only be used if you have no other option.
0 votes
by (1.1k points)
Ok it solve my problem :D

Thanks a lot :)

Another question : on Filezilla (nor Wireshark log) i see all is ok (transfert is made in SSL), but i asking myself a question : i can't see message showing me that certificat are checked. Is that normal ?
0 votes
by (162k points)
Enable logging at the debug level and you should see a mention in the log of this.
0 votes
by (1.1k points)
It's ok. I made all exception so i know when all is ok.

Thanks for your help.
0 votes
by (1.1k points)
I have another issue :?

What i made is a "server validation" : i though it was the server that check client. Now i think the opposite : it's the client that check server. Is that right ?

Now i need to do "double validation (so client/server)". I saw the example. The problem is not coding problem, but understanding SSL.
I don't understand at all, where configurung Filezilla server to check client !

ftps.loadClientCertificate(clientCertFileName, clientKeyPassphrase);


Filezilla server got 3 SSL settings :
- Privatekey file
- Certificate file (that i used for the previous step - importPEMFile())
- Key password

So there is no "ClientCertificateFile settings".

Thanks for your help
0 votes
by (162k points)
I don't think Filezilla server supports client certificates.
0 votes
by (1.1k points)
I don't think Filezilla server supports client certificates.


It may be a good explain :)
0 votes
by (1.1k points)
To avoid that, i downloaded your server FTP, CompleteFTP.
In Settings / FTP/FTPS / Advanced FTP/S Settings / Security settings / Server certificate i clicked on "..." and then Export to a file (cert.pem).
Then i copy this file on my client. And :

secureFtpClient.getRootCertificateStore().importPEMFile("C:\\cert.pem");


This line throw SSLFTPCertificateException: Server certificate could not be validated. !!!

I didn't have this problem with Filezilla :?

Categories

...