FTPS Testing (General questions)
by gn, Friday, October 14, 2005, 18:24 (6979 days ago)
I was able to test SFTP functionality of wodFtpDLXCom by setting up OpenSSH in Cygwin with relative ease. When I then set out to test FTPS (3 different modes) I tried to set up proftpd in the same Cygwin, which proved to be impossible for me, at least after spending 2 days.
Do you guys have (or know of) a free FTPS site where I could test the control?
Thanks,
-gn
Re: FTPS Testing
by wodSupport, Friday, October 14, 2005, 18:26 (6979 days ago) @ gn
GN,
I would give you ours, but it's behind a firewall so data connection would be a problem.
Why don't you download trial of, for example, serv-u or some other windows servers? They all support SLL and you can set them up in few minutes.
Re: FTPS Testing
by gn, Friday, October 14, 2005, 22:36 (6979 days ago) @ wodSupport
Thanks. So I got Serv-U installed.
Still, setting it up to test the SSL capabilities of the control is not obvious. I'm using your sample 5. Certificate Authorization with FTP+SSL protocol . Would you be able to provide steps to set up certificate on Serv-U (I tried saving it from the sample to ServUCert.crt under C:Program FilesServ-U but couldn't connect from the sample)?.
Also, do passphrases apply to FTPS (like in SFTP over SSH), and if not, is Cert.Save always called with only one parameter?
Re: FTPS Testing
by wodSupport, Saturday, October 15, 2005, 01:02 (6979 days ago) @ gn
GN,
question on how to use client certificate should usually be sent to server vendor. You have the certificate - that's client's side. Where and how to authorize it on the server side depends on the server type, so you should check their manual.
Passphrases apply both for FTPS. FTPS is same thing as FTP, but it's wrapped with SSL (more/less like that). Server *may* let you in just by specifying username without password, if he finds you provided valid certificate, but this really depends on server implementation. In all the cases I've seen in real life, password was required.
Re: FTPS Testing
by gn, Saturday, October 15, 2005, 01:47 (6979 days ago) @ wodSupport
I guess I wasn't clear in my question. When I use FileZilla, and specify one of its SSL connection types, I don't have to do anything else. When I connect there, the program would ask whether I want to accept the certificate (that I generated in Serv-U), and if Yes, the connection is established.
However, I'm confused by the instructions in your SSL VB sample:
[code]All you need to do to establish such connection is:
1. Generate new key (and save it so you don't waste time later)
2. Generate new certificate (and save it so you don't waste time later)
3. Copy certificate (BUT NOT PRIVATE KEY!!) to the server
-- where to copy depends on the server. For example, if you use
-- proftpd, it is ~/.tlslogin file
4. Find the 'connect' button and click on it :)[/code]
None of the above is necessary in FileZilla. And even if I try to follow the steps, the certificate and the key cannot be imported by the server (Serv-U) as far as I know.
Thanks,
-gn
Re: FTPS Testing
by wodSupport, Saturday, October 15, 2005, 01:50 (6979 days ago) @ gn
GN,
we're talking about two different things here. I assumed you want to authenticate with the server with the certificate you have. No, it seems you just talk about server's certificate - that's easy :)
What you're explaining about FileZilla - you use password authentication there. In that case, you don't need anything on wodFtpDLX'es side, just set protocol to FTPS. HostCertificate event will be fired (this is same as FileZilla's showing you certificate). You can use Certificate.Show method here to show the certificate if you wish.
Re: FTPS Testing
by gn, Saturday, October 15, 2005, 02:09 (6979 days ago) @ wodSupport
I see. OK, so I go to the sample, try to Load the key from the server directory (the one used successfully when FileZilla was run), and the sample gives me: Could not import key from file. Password invalid? . When I load the certificate from the server directory, it shows up and looks OK. So how do I get the key to work? There was no password option given when I created the certificate in Serv-U.
Thanks,
-gn
Re: FTPS Testing
by wodSupport, Saturday, October 15, 2005, 02:11 (6979 days ago) @ gn
Can you explain what you're trying to do? Are you trying to authenticate with your certificate/key at all? Or you want to authenticate with login/password?
Re: FTPS Testing
by gn, Saturday, October 15, 2005, 02:18 (6979 days ago) @ wodSupport
I'm trying to authenticate with certificate/key, the same pair that is used successfully by FileZilla.
Re: FTPS Testing
by wodSupport, Saturday, October 15, 2005, 02:19 (6979 days ago) @ gn
Can you send it to me to techsupport@weonlydo.com ?
Re: FTPS Testing
by gn, Saturday, October 15, 2005, 02:23 (6979 days ago) @ wodSupport
Done.
