Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
0 votes
78 views
in Java FTP by (150 points)
I have recently moved to edtFTPj/pro after using the free version for a long time - our network is deprecating vanilla FTP in favor of FTPS.

I have successfully used the library with an FTPS server using a self-signed certificate, but am having problems connecting to a site with a real, from-DigiCert certificate.

The code craps out when loading an ostensibly good PEM file - /etc/pki/tls/cert.pem, supplied with CentOS 7.  I can connect to the site using curl, which uses other certificate store files from /etc/pki.

com.enterprisedt.net.puretls.cert.CertificateDecodeException: java.io.IOException: Unrecognized OID for key1.2.840.10045.2.1

com.enterprisedt.net.puretls.cert.X509Cert.<init>(X509Cert.java:271)

com.enterprisedt.net.ftp.ssl.SSLFTPCertificateStore.importPEMFile(SSLFTPCertificateStore.java:188)

com.enterprisedt.net.ftp.ssl.SSLFTPCertificateStore.importPEMFile(SSLFTPCertificateStore.java:155)

com.enterprisedt.net.ftp.ssl.SSLFTPCertificateStore.importCertificates(SSLFTPCertificateStore.java:87)

com.enterprisedt.net.ftp.async.internal.SecureConnectionContext.loadSSLServerValidation(SecureConnectionContext.java:384)

com.enterprisedt.net.ftp.SecureFileTransferClient.loadSSLServerValidation(SecureFileTransferClient.java:664)

Ideas?
by (153k points)
Please open a support ticket at the link below and send us your PEM file to try.
https://enterprisedt.atlassian.net/servicedesk/customer/portal/1
by (150 points)
Uploaded to ESC-1003495.  Thanks!

1 Answer

0 votes
by (153k points)
 
Best answer
A note to readers: we have made a patch that resolves this issue by ignoring ECC root certificates (which are rarely if ever required). It will be available in the next release of edtFTPj/PRO.

Categories

...