Certificate Validation Failure

asked Jun 14, 2018 in Java FTP by randall.bowman (160 points)

I'm getting a certificate validation failure when trying to connect to an ftp server using ftps. I did a listing of the certificate with keytool and see Owner: CN=edxuat.xxx.com but the machine that I'm trying to connect to is ftps-edxuat.xxx.com. The SubjectAlternativeName list of the certificate does have ftps-edxuat.xxx.com in it and I have added ftps-edxuat.xxx.com to the ServerCommonNames list. Does the owner value of the certificate have to be the machine name that I'm trying to connect to?

commented Jun 14, 2018 by EDT Support (51.1k points)

Which product are you referring to? Is it our .NET product, edtFTPnet/PRO?

commented Jun 14, 2018 by randall.bowman (160 points)

The product is edtFTPj/PRO

commented Jun 14, 2018 by support2 (161k points)

Please enable debug logging and post the *relevant snippet* here.

commented Jun 14, 2018 by randall.bowman (160 points)

com.enterprisedt.net.ftp.ssl.SSLFTPException: The CN (Common Name), edxuat.x.com, on the server's certificate does not match its hostname, ftps-edxuat.x.com

Thanks for reminding me to look in the log.

The guy that runs the ftp server and gave me the certificate says that since the certificate has ftps-edxuat.x.com listed in the SubjectAlternativeName list it should still be validated. Does the edtFTPj/PRO library use the SubjectAlternativeName list?

commented Jun 14, 2018 by support2 (161k points)

I think you can create an instance of SSLFTPStandardValidator supplying edxuat.x.com, set it in SSLFTPClient, and it should work.

Certificate Validation Failure

Please log in or register to add a comment.

Please log in or register to answer this question.

0 Answers

Categories