Hi,

Regarding my questions for FTPS connection to IBM (my past emails at the bottom):

Our Unix admin installed lftp (3.0.13) on one AIX box with OpenSSL support. After the 1st test to IBM Information Exchange we have, I think, now a firewall or X.509 key issue. (Network admin opened FWL for high TCP ports (>1024) and port 21 as IBM wants.)

e.g.

$lftp
set ssl:key-file /home/apeutld1/nlcan.nlcan003_rsa.pem
set ssl:cert-file /home/apeutld1/nlcan.nlcan003_Cert.pem
set net:max-retries 4
set net:reconnect-interval-base 2
lftp :~> open emeaieftpgw.ihost.com
lftp emeaieftpgw.ihost.com:~> ls
`ls' at 0 [Delaying before reconnect:1]    <-- this repeats net:max-retries = 4 times and then:
ls: Fatal error: max-retries exceeded
lftp emeaieftpgw.ihost.com:~>

Can I see a log somewhere to search for the issue, or turn the logging on?

Alexander wrote that keys with passwords are not supported yet. Since there were no replies to my last e-mail, I converted the PKS key to a PEM key via an OpenSSL command. It asked me for a new (4 char) passwd and I tried with blank but it didn't like it, so I had to put something; I put spaces. At the end I've split the PEM key in 3 files according to http://pki.services.ibm.com/ieftp/convert2pem.shtml .

On http://article.gmane.org/gmane.comp.gnu.gnupg.users/3501 I saw some example that uses a PEM key?

Thank you & Regards,
Branko

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf
> Of Misovic, B. - Branislav -
> Sent: Monday, August 15, 2005 16:04
> To: [EMAIL PROTECTED]
> Cc: [email protected]
> Subject: RE: x.509 authentication supported ?
>
>
> Hi Alexander, all
>
> Sorry to bug you again.
>
> I found a file that has the certificate from IBM Information
> Exchange; it is a .PFX file.
> Wiki says for X509 certs: http://en.wikipedia.org/wiki/PKCS
> that pfx is one of 6 formats in X.509, and it is basically
> a .P12 - PKCS#12, which may contain certificate(s) (public)
> and private keys (password protected)
>
> At the IBM website, when getting the certificate from a web browser:
> http://pki.services.ibm.com/ieftp/ie5.shtml
> the person should put a passwd for that file.
>
> Later they say that for, e.g., an FTP-TLS client, I need to
> convert PKCS#12 to PEM format
> http://pki.services.ibm.com/ieftp/webdocs.shtml#ftps_clients
> by "openssl pkcs12 -in pkcs#12_filename -out pem_filename"
> and then enter passwords etc... They describe it in:
> http://pki.services.ibm.com/ieftp/convert2pem.shtml
> (I would need to split the PEM into 2 files, private key and
> client certificate)
>
> Now when you said:
> > Password protected keys are not supported yet.
> Can you tell me if LFTP 3.0.13 will or will not work for me?
> (btw, ssh -V mentions OpenSSL 0.9.7d on our AIX machine)
>
> Or maybe there is a workaround? Maybe when I convert it to PEM
> I can leave the password blank?
> It is important for me to know this, so as not to spend too much
> time and all...
>
> (At the moment I'm stuck with testing lftp due to some firewall
> issues etc., plus I don't have the passwd of the above .PFX file; my
> colleague will need to re-export it from his browser with a
> new passwd.)
>
> And I hope that my questions are understandable as I'm new to this.
>
> Best regards,
> branko
>
> p.s. I hope it will work, then I'll definitely ask
> management to give some support to lftp developers.
> **********************************************
> Branislav Misovic
> Canon Europe N.V.
> System Development Department
> Tel:+31/(0)20/503-5947
>
> > -----Original Message-----
> > From: Alexander V. Lukyanov [mailto:[EMAIL PROTECTED]
> > Sent: Friday, August 12, 2005 8:35
> > To: Misovic, B. - Branislav -
> > Cc: [email protected]
> > Subject: Re: x.509 authentication supported ?
> >
> >
> > On Fri, Aug 12, 2005 at 04:47:26AM +0200, Misovic, B. - Branislav - wrote:
> > > Hence the question, is X.509 supported in LFTP or not?
> >
> > It is supported, provided the private key is not encrypted. Password protected
> > keys are not supported yet.
> >
> > Use these settings:
> >     ssl:key-file
> >     ssl:cert-file
> >
> > --
> > Alexander..
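
Added example, not part of the original thread and not lftp or IBM code: two shell functions that split the PEM bundle written by `openssl pkcs12 -in ... -out ...` into separate key and certificate files, and report whether the private key is still passphrase-protected, which is the case Alexander says lftp does not support. The function names and the sample bundle are constructed for illustration.

```shell
# Added example. Function names and sample data are constructed.

# pem_key_encrypted FILE: succeeds if FILE holds a passphrase-protected key.
pem_key_encrypted() {
    # Traditional OpenSSL keys carry a "Proc-Type: 4,ENCRYPTED" header;
    # PKCS#8 keys use the label "ENCRYPTED PRIVATE KEY" instead.
    grep -q -e '^Proc-Type: 4,ENCRYPTED' \
            -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# split_pem BUNDLE KEYOUT CERTOUT: copy the private key block to KEYOUT and
# every certificate block to CERTOUT, dropping the "Bag Attributes" text
# that openssl pkcs12 writes between blocks.
split_pem() {
    bundle=$1; keyout=$2; certout=$3
    # umask in a subshell so the key file is created owner-only.
    ( umask 077
      awk '/^-----BEGIN .*PRIVATE KEY-----/ {p=1}
           p {print}
           /^-----END .*PRIVATE KEY-----/ {p=0}' "$bundle" > "$keyout" )
    awk '/^-----BEGIN CERTIFICATE-----/ {p=1}
         p {print}
         /^-----END CERTIFICATE-----/ {p=0}' "$bundle" > "$certout"
    [ -s "$keyout" ] && [ -s "$certout" ]
}

# Constructed bundle (placeholder base64, not a real key) in the shape
# openssl pkcs12 produces when a PEM pass phrase was entered.
demo=$(mktemp -d)
cat > "$demo/bundle.pem" <<'EOF'
Bag Attributes
    friendlyName: constructed sample
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

Q09OU1RSVUNURUQgU0FNUExF
-----END RSA PRIVATE KEY-----
Bag Attributes
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExF
-----END CERTIFICATE-----
EOF

split_pem "$demo/bundle.pem" "$demo/key.pem" "$demo/cert.pem"
if pem_key_encrypted "$demo/key.pem"; then echo "key.pem is still passphrase-protected"; fi
```

With OpenSSL, passing `-nodes` to `openssl pkcs12` writes the key unencrypted, and `openssl rsa -in key.pem -out key_nopass.pem` removes the passphrase from an existing key. Either way, keep the resulting key file readable by its owner only.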
