Discuss (FTP) and (SFTP, FTPS and SCP), our Java file transfer clients.

Helen Lin

Posts

3

Joined

Fri Jun 10, 2011 3:48 am

SSLFTP: server certificate could not be validated

by Helen Lin » Fri Jun 10, 2011 4:04 am

I am trying to use implicit FTPS with server validation. Sometimes it is working and sometimes I am getting the error "Server certificate could not be validated". Can someone please help? Thanks

Here is my Java code.

// at one point, I got the error "certificate chain is too long", so I added the line below
SSLFTPStandardValidator.MAX_CERTIFICATE_CHAIN_LENGTH = 5;

// create client
ftp = new SSLFTPClient();

// disable standard SSL closure
ftp.setConfigFlags(SSLFTPClient.ConfigFlags.DISABLE_SSL_CLOSURE);

// set remote host
ftp.setRemoteHost(host);

// load root certificates
ftp.getRootCertificateStore().importPEMFile(serverCertFilename);

ftp.setCustomValidator(new SSLFTPStandardValidator(false));

// set implicit mode
ftp.setImplicitFTPS(true);

Here is the error message:
ERROR [SSLSocket] 9 Jun 2011 13:43:16.082 : internalSocket() failed - closing socket : Server certificate could not be validated.
com.enterprisedt.net.puretls.cert.CertificateVerifyException: Server certificate could not be validated.

support2

Posts

3987

Joined

Tue May 18, 2004 8:30 am

Re: SSLFTP: server certificate could not be validated

by support2 » Fri Jun 10, 2011 8:22 am

Is this always with the same server? Could you enable logging at the ALL level and send us the log file?

by Helen Lin » Sat Jun 11, 2011 1:18 am

It is always the same server. The problem occurs randomly. Here is more log info. Thank you very much for your quick response.

INFO [ftpstest.UseFTPSWithServerValidation] 10 Jun 2011 11:13:27.537 : Creating FTPS client
INFO [SSLFTPClient] 10 Jun 2011 11:13:27.568 : edtFTPj - PRO version
INFO [LicensePropertiesBase] 10 Jun 2011 11:13:27.584 : Licence expiry date: 31 Dec 9999
INFO [LicensePropertiesBase] 10 Jun 2011 11:13:27.584 : Production licence
INFO [puretls] 10 Jun 2011 11:13:27.662 : PureTLS debug level=0
INFO [com.tdsecurities.loaniq.ftpstest.UseFTPSWithServerValidation] 10 Jun 2011 11:13:27.662 : Setting configuration flags
INFO [com.tdsecurities.loaniq.ftpstest.UseFTPSWithServerValidation] 10 Jun 2011 11:13:27.662 : Setting remote host
INFO [com.tdsecurities.loaniq.ftpstest.UseFTPSWithServerValidation] 10 Jun 2011 11:13:27.678 : Loading server certificate from cert_test.pem
INFO [cryptix] 10 Jun 2011 11:13:27.693 : GLOBAL_TRACE=false
INFO [cryptix] 10 Jun 2011 11:13:27.693 : GLOBAL_DEBUG=false
INFO [cryptix] 10 Jun 2011 11:13:27.693 : GLOBAL_DEBUG_SLOW=false
INFO [com.tdsecurities.loaniq.ftpstest.UseFTPSWithServerValidation] 10 Jun 2011 11:13:27.725 : Connecting to server ftps.tdbank.ca
ERROR [SSLSocket] 10 Jun 2011 11:13:27.850 : internalSocket() failed - closing socket : Server certificate could not be validated.
com.enterprisedt.net.puretls.cert.CertificateVerifyException: Server certificate could not be validated.
at com.enterprisedt.net.puretls.n.B(Unknown Source)
at com.enterprisedt.net.puretls.Z.B(Unknown Source)
at com.enterprisedt.net.puretls.n.E(Unknown Source)
at com.enterprisedt.net.puretls.i.G(Unknown Source)
at com.enterprisedt.net.puretls.SSLSocket.internalSocket(Unknown Source)
at com.enterprisedt.net.puretls.SSLSocket.<init>(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.connect(Unknown Source)
at ftpstest.UseFTPSWithServerValidation.main(UseFTPSWithServerValidation.java:112)



EDT Support

Posts

905

Joined

Mon Apr 26, 2004 3:03 pm

by EDT Support » Sat Jun 11, 2011 6:34 am

There's a good chance that this is happening because the server is presenting a certificate that's different from the one you expect. You can connect and download the presented certificate by using the method SSLFTPClient.getServerCertificate(String,int,boolean). This method returns an SSLFTPCertificate object, which you can then write to a PEM file using the SSLFTPClient.writePEM() method. Once you have the certificate, try comparing it with the one you're currently using and also try connecting using that certificate.

-Hans (EnterpriseDT)
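
The comparison suggested in the reply above, as an added example that is not part of the original thread and does not use the edtFTPj API: it uses only the Python standard library to fetch the certificate an implicit-FTPS port presents and compare it, by SHA-256 fingerprint, with the one the client loads. The function names are hypothetical, and it assumes the client's PEM file holds the server's own certificate rather than a CA certificate.

```python
import hashlib
import ssl
from collections import Counter

def fingerprint(pem: str) -> str:
    """SHA-256 of the DER bytes, so PEM line wrapping cannot cause a false mismatch."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()

def fetch_presented(host: str, port: int = 990) -> str:
    """Return the leaf certificate presented on an implicit-FTPS port as PEM.

    Implicit FTPS starts TLS at connect, so a plain TLS fetch works. The
    certificate is not validated here; this is for inspection only.
    """
    return ssl.get_server_certificate((host, port))

def sample(host: str, attempts: int = 20, port: int = 990) -> list:
    """Connect repeatedly; an intermittent failure needs more than one sample."""
    return [fetch_presented(host, port) for _ in range(attempts)]

def compare(expected_pem: str, presented_pems: list) -> dict:
    """Tally presented fingerprints against the certificate the client trusts."""
    expected = fingerprint(expected_pem)
    seen = Counter(fingerprint(p) for p in presented_pems)
    return {
        "expected": expected,
        "seen": dict(seen),
        "distinct": len(seen),
        "mismatches": sum(n for fp, n in seen.items() if fp != expected),
    }

def demo() -> dict:
    # Constructed stand-ins: arbitrary bytes in PEM armor, not real certificates.
    cert_a = ssl.DER_cert_to_PEM_cert(b"constructed-certificate-A")
    cert_b = ssl.DER_cert_to_PEM_cert(b"constructed-certificate-B")
    # Three connections, one of which was answered with a different certificate.
    return compare(cert_a, [cert_a, cert_b, cert_a])

if __name__ == "__main__":
    result = demo()
    print(result["distinct"], "distinct certificate(s),",
          result["mismatches"], "mismatch(es)")
```

Against a live server, `compare(open(pem_path).read(), sample(host))` produces the same report; a `distinct` value above 1 means the host did not present the same certificate on every connection.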

by Helen Lin » Tue Jun 14, 2011 1:33 am


by support2 » Tue Jun 14, 2011 8:52 am

