Server certificate could not be validated.

Question

Hi, I'm trying to connect FileZilla Server v0.9.41 beta in FTPS mode, using java code with edtftpj-pro. The following are the steps I did:
1. Generated server certificate for FileZilla and enabled FTPS. The certificate is :
-----BEGIN CERTIFICATE-----
MIICgDCCAemgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhTEUMBIGA1UEAxMLNDkuMjcuMjMuMzQx
CzAJBgNVBAYTAkNBMQswCQYDVQQIEwJPTjEQMA4GA1UEBxMHVG9yb250bzEOMAwGA1UEChMFVERC
RkcxDTALBgNVBAsTBERDVFMxIjAgBgkqhkiG9w0BCQEWE21hbmlzaC5hcm9yYUB0ZC5jb20wHhcN
MTIxMjMxMjIxMTMwWhcNMTMxMjMxMjIxMTMwWjCBhTEUMBIGA1UEAxMLNDkuMjcuMjMuMzQxCzAJ
BgNVBAYTAkNBMQswCQYDVQQIEwJPTjEQMA4GA1UEBxMHVG9yb250bzEOMAwGA1UEChMFVERCRkcx
DTALBgNVBAsTBERDVFMxIjAgBgkqhkiG9w0BCQEWE21hbmlzaC5hcm9yYUB0ZC5jb20wgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBALCIe682F9kvklILk9j5oqNpymF+aTVkW3V6pLMYwiRsw0gb
cw3zm92ge3sgjT9qFocmjxgPtWx2VykVZ3/8SoPaEUslUWcd8q/KsknR6WhD/00nDnoBZVHZ0k2E
4n5r/MCiFKtJiCoeADJ1O4Jp+5XBpj8E3PgHk0rm8yO0IiGRAgMBAAEwDQYJKoZIhvcNAQEFBQAD
gYEAfU2bijrZD5e0zRTlYTNTWNi337TYi+6JdEkFIO7m9qnDA/32zT7XPcgs8gd2YBzBKppO/eFV
UEzXGgpf5sMZZeQZEkxwE+iqiAx7f8vQs1CLHSUOoKDeLQrLzsAsTWeNWBXn4d3I1wi1KPZ385hF
aaySCwpoZYHJ3l8gBdVib/M=
-----END CERTIFICATE-----

2. The below is the java code, trying to connect to server in FTPS

package jms.ftp;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.IOException;

import jms.Utils;

import com.enterprisedt.net.ftp.FTPException;
import com.enterprisedt.net.ftp.ssl.SSLFTPCertificateException;
import com.enterprisedt.net.ftp.ssl.SSLFTPClient;

public class FtpFiles {

   private String host;
   private int port;
   private String userName;
   private String userPwd;
   private boolean validateServer;
   private SSLFTPClient sftp;

   public FtpFiles(String h, int p, String uName, String uPwd,
         boolean validateServer) {
      this.host = h;
      this.port = p;
      this.userName = uName;
      this.userPwd = uPwd;
      this.validateServer = validateServer;
      setupSSLFTPClient();
   }

   public boolean getFile(String remoteFileName, String localFileName) {
      boolean isFileGot = false;
      File localFile = new File(localFileName);
      try {

         byte[] remoteFileContent = this.sftp.get(remoteFileName);
         FileOutputStream fos = new FileOutputStream(localFile);
         fos.write(remoteFileContent);
         fos.close();
         isFileGot = true;
      } catch (FTPException e) {
         e.printStackTrace();
      } catch (IOException e) {
         e.printStackTrace();
      }
      localFile = null;
      return isFileGot;
   }

   public boolean putFile(String remoteFileName, String fileContent) {
      boolean isFilePutSuccess = false;

      try {
         InputStream srcStream = new ByteArrayInputStream(fileContent
               .getBytes("UTF-8"));
         if (this.sftp.connected()) {
            this.sftp.put(srcStream, remoteFileName);
            isFilePutSuccess = true;
         } else {
            Utils.println("FtpFiles : ftp server connection failed!");
         }
      } catch (FTPException e) {
         // TODO Auto-generated catch block
         e.printStackTrace();
      } catch (IOException e) {
         // TODO Auto-generated catch block
         e.printStackTrace();
      }

      return isFilePutSuccess;
   }

   @SuppressWarnings("deprecation")
   private void setupSSLFTPClient() {
      try {
         this.sftp = new SSLFTPClient(this.host, 0);

         String securityMechanism = null;

         if (this.validateServer) {
            sftp.getRootCertificateStore().importPEMFile(
                  Utils.sslServerCertLocation);
            sftp.setValidateServer(true);
            securityMechanism = SSLFTPClient.AUTH_TLS_C;
         } else {
            sftp.setValidateServer(false);
            securityMechanism = SSLFTPClient.AUTH_TLS;
         }

         sftp.connect();

         sftp.auth(securityMechanism);

         sftp.login(this.userName, this.userPwd);
      } catch (FTPException e) {
         if (e instanceof SSLFTPCertificateException) {
            ((SSLFTPCertificateException) e).printCertificates();
         }
         e.printStackTrace();
      } catch (IOException e) {
         // TODO Auto-generated catch block
         e.printStackTrace();
      }
   }

   @Override
   protected void finalize() throws Throwable {
      if (this.sftp != null) {
         this.sftp.quit();
      }
      this.sftp = null;
   }
}

3. On running the above code, its giving exception as:
com.enterprisedt.net.ftp.ssl.SSLFTPCertificateException: Server certificate could not be validated. (use SSLFTPCertificateException.printCertificates to view certificates.)
[12/31/12 17:31:54:471 EST] 00000028 SystemErr R at com.enterprisedt.net.ftp.ssl.SSLFTPControlSocket.c(SSLFTPControlSocket.java:311)
[12/31/12 17:31:54:471 EST] 00000028 SystemErr R at com.enterprisedt.net.ftp.ssl.SSLFTPClient.auth(SSLFTPClient.java:1420)
[12/31/12 17:31:54:471 EST] 00000028 SystemErr R at jms.ftp.FtpFiles.setupSSLFTPClient(FtpFiles.java:106)
[12/31/12 17:31:54:471 EST] 00000028 SystemErr R

Answer 1

Could you 1) try the example code that is included and 2) post the log file at the ALL level of logging.

http://www.enterprisedt.com/products/ed ... .java.html

Answer 2

Thanks support2, I got this working. The issue was - the certificate issued was to machine name, and I was using '127.0.0.1' to connect, thus common name mismatch. It would have been easier if the error message in exception ("com.enterprisedt.net.ftp.ssl.SSLFTPCertificateException: Server certificate could not be validated. (use SSLFTPCertificateException.printCertificates to view certificates.)") would have been descriptive enough to make appropriate fixes quickly.

Thanks again for your help.