Hi,
I'm having trouble establishing a connection to FTP Server over TLS (or
SSL). I have FTP Server up and running w/o encryption and it works very
well. I'm using version 1.0.0-M3 of FTP Server, and I've tried using
both FireFTP v1.0.4 and FileZilla v3.2.2.1 for my client sw. I tried
opening the proper ports in my firewall, but eventually just placed the
server in the DMZ for debugging, but did not see any change in
behavior. (I should note, I'm running the server and client on the same
box.) When I try to connect, the client shows:
-220 Service ready for new user
- AUTH TLS
-234 Command AUTH okay; starting TLS connection
- PBSZ 0
and then it hangs for ~30 seconds before closing the connection without
any further output.
The FTP Server log shows:
[ INFO] 2009-03-15 23:54:18,553 [] CREATED
[ INFO] 2009-03-15 23:54:18,569 [] OPENED
[ INFO] 2009-03-15 23:54:18,584 [] SENT: 220 Service ready for new user.
[ INFO] 2009-03-15 23:54:18,725 [] RECEIVED: AUTH TLS
[ INFO] 2009-03-15 23:54:46,902 [] CLOSED
I have used Sun's keytool to generate my own self-signed certificate
with the following command:
keytool -genkeypair -v -alias ThoughtWheelsFTP -keyalg rsa -keypass XXXXX -keystore keys.jks -storepass XXXXX -validity 360
I can verify that my keystore has a single key in it using:
keytool -list -keystore keys.jks
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
thoughtwheelsftp, Mar 8, 2009, PrivateKeyEntry,
Certificate fingerprint (MD5): 38:D5:57:81:19:83:57:F2:46:49:B0:79:52:5D:C7:AD
If I modify my FTP Server configuration file to have the improper
password, I get exceptions in my ftpd.log file, so I know FTP Server is
actually reading my keystore and finding my key...
My secure nio-listener is set up in my configuration file as follows:
<nio-listener name="secure" port="22" idle-timeout="1200">
    <ssl>
        <keystore file="./res/conf/keys.jks" password="storepassword"
                  key-alias="ThoughtWheelsFTP" key-password="keypassword" />
    </ssl>
    <data-connection idle-timeout="1200">
        <active enabled="false" />
        <passive ports="10000-11000" />
    </data-connection>
</nio-listener>
I have been searching around online for a solution to this for a couple
days and am at a total loss. Any help anyone could provide would be
greatly appreciated.
Thanks,
Mike