0 votes
in Java FTP by (220 points)
I am attempting to use the edtFTPj/PRO product to communicate with an FTPS server (Implicit and Explicit). We need to have the ability to use a client certificate for authentication.

I am using the SecureFileTransferClient class. I set the client certificate and certificate password using the setClientCertificatePath and setClientCertificatePassphrase methods in the AdvancedSSLSettings (getAdvancedSSLSettings method).

I point to a known good certificate that is in PFX format. When attempting to connect, I get an error: Couldn't find private key in this file.

I use this same file with the edtFTPnet/PRO product without any issues. Why does the Java product have an issue with the same file and password? What "secret settings" do I need to set to get this to work?

...Glenn

3 Answers

0 votes
by (162k points)
PFX is a Microsoft format - you need to convert to PEM.
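
The conversion this answer refers to, as an added example that is not part of the original answer or of EnterpriseDT's code: it reads a PFX (PKCS#12) file with the JDK's own KeyStore and writes the certificate chain and private key into one PEM file. The class name `PfxToPem` is hypothetical, and it is an assumption that edtFTPj/PRO accepts an unencrypted PKCS#8 `PRIVATE KEY` block in this layout; the page does not confirm which PEM key encodings it reads.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;
import java.util.Collections;

public class PfxToPem {  // hypothetical helper, JDK classes only
    private static final Base64.Encoder B64 =
        Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));

    static String pemBlock(String label, byte[] der) {
        return "-----BEGIN " + label + "-----\n" + B64.encodeToString(der)
             + "\n-----END " + label + "-----\n";
    }

    // Returns the certificate chain followed by the private key of the first key entry.
    static String convert(InputStream pfx, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(pfx, password);
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;           // skip certificate-only entries
            Key key = ks.getKey(alias, password);
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || !"PKCS#8".equals(key.getFormat()))
                throw new IllegalStateException("entry " + alias + " is not exportable");
            StringBuilder pem = new StringBuilder();
            for (Certificate c : chain) pem.append(pemBlock("CERTIFICATE", c.getEncoded()));
            return pem.append(pemBlock("PRIVATE KEY", key.getEncoded())).toString();
        }
        throw new IllegalArgumentException("no private key entry in PKCS#12 file");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null)
            throw new IllegalArgumentException("usage (interactive): PfxToPem in.pfx out.pem");
        char[] pw = System.console().readPassword("PFX password: ");
        String pem;
        try (InputStream in = new FileInputStream(args[0])) { pem = convert(in, pw); }
        File out = new File(args[1]);
        if (!out.createNewFile()) throw new IOException("refusing to overwrite " + out);
        // The key is written unencrypted: restrict the file to its owner before writing.
        out.setReadable(false, false); out.setWritable(false, false);
        out.setReadable(true, true);   out.setWritable(true, true);
        Files.write(out.toPath(), pem.getBytes(StandardCharsets.US_ASCII));
    }
}
```

The password is read from the console rather than taken as an argument so it does not appear in the process list or shell history. On file systems without owner/other permission bits the `setReadable`/`setWritable` calls may have no effect, so the output file's ACL should be checked separately there.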
0 votes
by (220 points)
> PFX is a Microsoft format - you need to convert to PEM.

So, the .NET and Java products are NOT functionally equivalent? Ugh!

I changed to a PEM equivalent using a "pair" file with both certificate and private key in the same file. I tested the file with the .NET product, using the SSLFTPCertificate.CreateFromPEM method. When I use the Java product, simply by replacing the file name in the previous test, I get an error:

com.enterprisedt.net.puretls.SSLCaughtAlertException: Handshake failure at handshake state SSL_HT_FINISHED or SSL_HS_WAIT_FOR_CHANGE_CIPHER_SPECS
at com.enterprisedt.net.puretls.m.a(SSLHandshake.java:171)
at com.enterprisedt.net.puretls.j.a(SSLConn.java:161)
at com.enterprisedt.net.puretls.SSLSocket.internalSocket(SSLSocket.java:116)
at com.enterprisedt.net.puretls.SSLSocket.<init>(SSLSocket.java:69)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.connect(SSLFTPClient.java:853)
at com.enterprisedt.net.ftp.async.internal.ConnectTask.connect(ConnectTask.java:148)
at com.enterprisedt.net.ftp.async.internal.ConnectTask.run(ConnectTask.java:208)
at com.enterprisedt.net.ftp.async.internal.FTPTaskProcessor$b.run(FTPTaskProcessor.java:590)
Caused by: com.enterprisedt.net.puretls.SSLCaughtAlertException: Handshake failure
at com.enterprisedt.net.puretls.z.a(SSLRecordReader.java:137)
at com.enterprisedt.net.puretls.z.a(SSLRecordReader.java:84)
at com.enterprisedt.net.puretls.s.read(SSLInputStream.java:78)
at com.enterprisedt.net.puretls.ai.a(SSLuintX.java:109)
at com.enterprisedt.net.puretls.p.a(SSLHandshakeHdr.java:73)
at com.enterprisedt.net.puretls.m.a(SSLHandshake.java:246)
at com.enterprisedt.net.puretls.n.c(SSLHandshakeClient.java:106)
at com.enterprisedt.net.puretls.m.a(SSLHandshake.java:168)
... 7 more


We are developing a multi-protocol client, so we are using the SecureFileTransferClient class. The How-To's are quite limited on this class so there aren't any working examples on what I'm trying to accomplish. Also, the API documentation is quite vague on this topic as well.

Any insight on how to accomplish this would be appreciated.
0 votes
by (162k points)
.NET and Java products are *largely* functionally equivalent, but there are some differences because of their target platforms.

Java is cross-platform, and used a great deal on Unix. So edtFTPj/PRO doesn't use a platform-specific certificate format like PFX.

It's probably best if you send us a log file at the DEBUG level together with the code you are using to support at enterprisedt.com.
