I've been using Apache FtpServer for a couple of years now to handle some
automated internal file transfers that involve some post-processing and
it's been excellent - reliable and fast. However, I have a new
requirement that the connection be SSL. I thought it would be quick and
easy to configure, despite the fact that I know absolutely nothing about
how this should be configured. 
 
After setting it up the way I thought it should be, I get this in the
logs when the client tries to connect:
[ WARN] 2009-01-26 16:04:54,543 [] [10.2.56.43] CREATED
[ WARN] 2009-01-26 16:04:54,544 [] [10.2.56.43] OPENED

(Log level is set to DEBUG)
It never progresses past that stage. The client is never prompted for a
username. I've tried several things, but essentially my attempts are
random since I don't really know what I'm doing. So, I'd appreciate it
if someone could offer some advice.
 
I have a keystore (conf/keystore.jks) with one certificate:
% keytool -list -keystore conf/keystore.jks
Enter keystore password:  password
 
Keystore type: jks
Keystore provider: IBMJCE
 
Your keystore contains 1 entry
 
xfer, Jan 26, 2009, trustedCertEntry,
Certificate fingerprint (MD5):
80:40:2D:97:25:20:AD:50:BE:9D:06:CA:B0:77:CA:EB


This is running on AIX. My contact on the client side tells me it should
be enough to just have the certificate (it was provided by him and is
the same as the one in his application).
 
My ftpd.xml has the following configuration:
 
        <listeners>
                <nio-listener name="default" port="30021" implicit-ssl="true">
                        <ssl protocol="SSL" client-authentication="WANT">
                                <keystore file="conf/keystore.jks" password="password"
                                          key-alias="xfer" algorithm="IbmX509" />
                                <truststore file="conf/keystore.jks" password="password"
                                            algorithm="IbmX509" />
                        </ssl>
                        <data-connection implicit-ssl="true"/>
                </nio-listener>
        </listeners>

 
My last desperate attempt to get this working was to add 'protocol="SSL"
client-authentication="WANT"' to ssl and to add the '<data-connection
implicit-ssl="true"/>' line. Neither change got me past the 'OPENED'
step. I don't get any further than that when I try locally, so I know it
isn't a network issue. The server finds the keystore when it starts up.
There are no exceptions in the log, except for the one caused by forcing
the connection to close.

Can anyone help me out? The attached logfile is a clean start,
connection attempt, cancelled from the client, shutdown.

Thanks in advance!
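A check worth running against a setup like the one in the post above, as an added example that is not part of the original message and not code from Apache FtpServer: a TLS server can only complete a handshake if the keystore it is pointed at holds a private key, and a JKS alias listed by `keytool -list` as `trustedCertEntry` holds a certificate only. The script below parses the `<listeners>` block and the `keytool -list` text (both reproduced from the post as constructed sample input) and reports whether each listener's `key-alias` names a private-key entry. The set of entry-type names treated as "has a private key" (`PrivateKeyEntry`, and the older `keyEntry` spelling) and the `protocol="SSL"` advisory are this example's own assumptions; nothing here queries FtpServer itself.

```python
"""Cross-check an Apache FtpServer <ssl> block against `keytool -list` output.

Added example, not part of Apache FtpServer. The inputs below are constructed
from the text quoted in the mailing-list post.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample input: the <listeners> block quoted in the post.
FTPD_XML = """\
<listeners>
  <nio-listener name="default" port="30021" implicit-ssl="true">
    <ssl protocol="SSL" client-authentication="WANT">
      <keystore file="conf/keystore.jks" password="password"
                key-alias="xfer" algorithm="IbmX509" />
      <truststore file="conf/keystore.jks" password="password"
                  algorithm="IbmX509" />
    </ssl>
    <data-connection implicit-ssl="true"/>
  </nio-listener>
</listeners>
"""

# Constructed sample input: the `keytool -list` output quoted in the post.
KEYTOOL_OUTPUT = """\
Keystore type: jks
Keystore provider: IBMJCE

Your keystore contains 1 entry

xfer, Jan 26, 2009, trustedCertEntry,
Certificate fingerprint (MD5): 80:40:2D:97:25:20:AD:50:BE:9D:06:CA:B0:77:CA:EB
"""

# Assumption: entry types that carry a private key (keytool has printed both).
PRIVATE_KEY_TYPES = {"PrivateKeyEntry", "keyEntry"}

# One line per alias: "<alias>, <date>, <entry type>," (trailing comma optional).
# The date itself contains a comma, so the type is anchored by its known names.
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\n]+),\s*(?P<date>.+?),\s*"
    r"(?P<type>PrivateKeyEntry|keyEntry|trustedCertEntry|SecretKeyEntry),?\s*$",
    re.MULTILINE,
)


def parse_keytool_list(text):
    """Map alias -> entry type from the text output of `keytool -list`."""
    return {m.group("alias").strip(): m.group("type") for m in ENTRY_RE.finditer(text)}


def ssl_listeners(xml_text):
    """Yield (listener name, protocol, key-alias) for each <nio-listener> with an <ssl> child."""
    root = ET.fromstring(xml_text)
    for listener in root.iter("nio-listener"):
        ssl = listener.find("ssl")
        if ssl is None:
            continue
        keystore = ssl.find("keystore")
        alias = keystore.get("key-alias") if keystore is not None else None
        yield listener.get("name"), ssl.get("protocol"), alias


def check_config(xml_text, keytool_text):
    """Return a list of problems with the key material; an empty list means it looks usable."""
    entries = parse_keytool_list(keytool_text)
    problems = []
    for name, _protocol, alias in ssl_listeners(xml_text):
        if alias is not None:
            kind = entries.get(alias)
            if kind is None:
                problems.append(f"listener {name!r}: key-alias {alias!r} not found in keystore")
            elif kind not in PRIVATE_KEY_TYPES:
                problems.append(
                    f"listener {name!r}: key-alias {alias!r} is a {kind}, not a private key; "
                    "a TLS server cannot complete a handshake without its own private key"
                )
        elif not any(kind in PRIVATE_KEY_TYPES for kind in entries.values()):
            problems.append(f"listener {name!r}: keystore holds no private-key entry at all")
    return problems


def protocol_advisories(xml_text):
    """Advisory only: flag listeners whose <ssl protocol> is the legacy name "SSL"."""
    return [
        f'listener {name!r}: protocol="SSL" requests an SSL-era context; "TLS" is the usual choice'
        for name, protocol, _alias in ssl_listeners(xml_text)
        if protocol and protocol.upper() == "SSL"
    ]


if __name__ == "__main__":
    for line in check_config(FTPD_XML, KEYTOOL_OUTPUT) or ["no key-material problems found"]:
        print(line)
    for line in protocol_advisories(FTPD_XML):
        print(line)
```

To use it on a real installation, replace the two constructed strings with the contents of `ftpd.xml` and the output of `keytool -list -keystore conf/keystore.jks`; if the alias you point `key-alias` at comes back as `trustedCertEntry`, the server has a certificate but no key to sign the handshake with, and the fix is to import a key pair (or generate one with `keytool -genkeypair`) rather than to tweak `protocol` or `client-authentication`.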