Hi Mike,

first, a couple of control questions:

* Could you please try the latest code (1.0.0)? We've done some fixes with regard to SSL support since M3, so there might be some changes for you as well.
* Could you provide log files at debug level from the server? (I'm pretty sure they won't help right now, but we should at least give it a try.)
* Could you try setting the same store and key password? We should definitely support having different passwords, but since it's rather unusual it's worth trying.
* Could you try removing the key-alias from your configuration?

/niklas

On Mon, Mar 16, 2009 at 6:07 AM, Mike Muske <[email protected]> wrote:
> Hi,
>
> I'm having trouble establishing a connection to FTP Server over TLS (or
> SSL). I have FTP Server up and running w/o encryption and it works very
> well. I'm using version 1.0.0-M3 of FTP Server, and I've tried using both
> FireFTP v1.0.4 and FileZilla v3.2.2.1 for my client sw. I tried opening the
> proper ports in my firewall, but eventually just placed the server in the
> DMZ for debugging, but did not see any change in behavior. (I should note,
> I'm running the server and client on the same box) When I try to connect
> the client shows:
> -220 Service ready for new user
> - AUTH TLS
> -234 Command AUTH okay; starting TLS connection
> - PBSZ 0
> and then it hangs for ~30 seconds before closing the connection without any
> further output.
>
> The FTP Server log shows:
> [ INFO] 2009-03-15 23:54:18,553 [] CREATED
> [ INFO] 2009-03-15 23:54:18,569 [] OPENED
> [ INFO] 2009-03-15 23:54:18,584 [] SENT: 220 Service ready for new user.
>
> [ INFO] 2009-03-15 23:54:18,725 [] RECEIVED: AUTH TLS
> [ INFO] 2009-03-15 23:54:46,902 [] CLOSED
>
> I have used Sun's keytool to generate my own self-signed certificate with
> the following command:
> keytool -genkeypair -v -alias ThoughtWheelsFTP -keyalg rsa -keypass XXXXX
> -keystore keys.jks -storepass XXXXX -validity 360
>
> I can verify that my keystore has a single key in it using:
> keytool -list -keystore keys.jks
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 1 entry
>
> thoughtwheelsftp, Mar 8, 2009, PrivateKeyEntry,
> Certificate fingerprint (MD5):
> 38:D5:57:81:19:83:57:F2:46:49:B0:79:52:5D:C7:AD
>
> If I modify my FTP Server configuration file to have the improper password,
> I get exceptions in my ftpd.log file, so I know FTP Server is actually
> reading my keystore and finding my key...
>
> My secure nio-listener is set up in my configuration file as follows:
> <nio-listener name="secure" port="22" idle-timeout="1200">
>   <ssl>
>     <keystore file="./res/conf/keys.jks" password="storepassword"
>       key-alias="ThoughtWheelsFTP" key-password="keypassword" />
>   </ssl>
>
>   <data-connection idle-timeout="1200">
>     <active enabled="false" />
>     <passive ports="10000-11000" />
>   </data-connection>
> </nio-listener>
>
> I have been searching around online for a solution to this for a couple days
> and am at a total loss. Any help anyone could provide would be greatly
> appreciated.
>
> Thanks,
>
> Mike
