FTP Login

Venkat_Subramaniam · September 18, 2013, 3:51pm

Hi,

While trying to connect to a FTP server through port 21(TLS authentication) with pub.client.ftp:login from Developer, Server certificate rejected by chain verifier error is thrown. If tried with default none for auth, password incorrect error is thrown. Issue observed after replacing the expired certificate with new one. New certificate has been kept in both pub and ca directories. No change in credentials. Please provide suggestions on what might be causing this issue.

rmg · September 18, 2013, 4:19pm

Are you trying here to connect to a sFTP/SSH enabled server?

It sounds you are trying to connect a sFTP location and you need port 22 for that and the regular client:ftp service doesn’t work right?

Can you check with remote FTP site team?

HTH,
RMG

Venkat_Subramaniam · September 18, 2013, 7:49pm

It was working before and now it doesn’t. Apart from keeping the certificates in pub & CA, do the certificates need to be configured anywhere else? Moreover I run this service in developer, it just exits before the result. Same result whenever I try again. Noticing this weird behavior too.

rmg · September 18, 2013, 9:35pm

What changes you think were made in your env? can you troubleshoot more on this?

Yes normally we keep certs in teh IntegrationServer/certs folder and configure in the IS security page thru.

HTH,
RMG

Venkata_Reddy_K · September 20, 2013, 12:13pm

Hi Venkatasubrahmanyam,

If you want the Integration Server to accept a connection when one or more of the CA certificates in the chain are expired, you must update the watt.security.ssl.ignoreExpiredChainsproperty in the server configuration file. (server.cnf) to true
. This setting will cause the server to ignore expired CA certificates in the chain.

For “true” expired chains are ignored. All other values are treated as “false”.

Try this it should work.

Regards

Venkat.

rmg · September 20, 2013, 3:06pm

Venkatasubramaniam,

You did not answer is the certs used for your sFTP or regular HTTPS handshaking in your env?

You said it worked before did you research what has changed in your testing/environment assuming this is production issue?

Yes try that setting if that is applicable in your scenario.

HTH,
RMG

Venkat_Subramaniam · September 23, 2013, 9:24am

It is FTP only but with TLS authentication. Port 21 is opened from partner side for our server. Moreover the expired certificate was a self-signed one and the new one is not, it has a CA and root CA. I will check and update if I get more information. And thank you for the suggestion on the extended setting.

Venkat_Subramaniam · September 23, 2013, 9:26am

One more thing is, think the partner is not having our server certificate. I’m checking the same.

Regards
Venkat

rmg · September 23, 2013, 5:10pm

Yes please check that one too