Hi,

Implicit and explicit connections have been tested but we have not tested the ssl.client-authentication due to lack of support in FTP clients. So it might cause some problems. I think we need to do some more testing on it. Besides that we have not used openssl.

Thanks,
Rana Bhattacharyya

--- Niklas Gustavsson <[EMAIL PROTECTED]> wrote:

> asdas adfsdf wrote:
> > Hello,
> >
> > this is what i got using client validation on.
> >
> > Finalizer, SEND TLSv1 ALERT: warning, description = close_notify
> > Finalizer, WRITE: TLSv1 Alert, length = 2
> > Thread-3, received EOFException: error
> > Thread-3, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
> > Thread-3, SEND TLSv1 ALERT: fatal, description = handshake_failure
> > Thread-3, WRITE: TLSv1 Alert, length = 2
> > Thread-3, called closeSocket()
> >
> > this is what i did:
> >
> > #1. create self-signed certificate
> > keytool -genkey -alias myalias -keyalg RSA -keystore test.keystore
> >
> > #2. extract in der form
> > keytool -export -alias myalias -keystore test.keystore -file myalias-der.crt
> >
> > #3. convert the in DER coded certificate in PEM
> > openssl x509 -out myalias.crt -outform pem -text -in myalias-der.crt -inform der
> >
> > #4. extract the private key with ExportPriv.java (http://mark.foster.cc/pub/java/ExportPriv.java)
> > javac ExportPriv.java
> > java ExportPriv test.keystore myalias password > myalias.key
> >
> > #5. reconvert the private key again to get it used with apache
> > openssl rsa -in myalias.key -out privkey.key
> >
> > #6. generate new server.keystore with ImportKey (http://www.comu.de/docs/tomcat_ssl.htm)
> > java ImportKey myalias.key.der myalias-der.crt myalias
> >
> > after doing these steps, i create a new file which contains
> >
> > -----BEGIN CERTIFICATE-----
> > MII...
> > -----END CERTIFICATE-----
> > -----BEGIN RSA PRIVATE KEY-----
> > MII...
> > -----END RSA PRIVATE KEY-----
> >
> > by pasting from myalias.crt and privkey.key, and this file is used as the client certificate.
> > For the apache ftp server, i told it to use the keystore from the file server.keystore.
>
> I'm not sure I understand why you need to use all these steps.
> All you need are a standard JKS keystore and truststore. FtpServer uses the normal JSSE support in the JRE so I don't believe we do anything funky (but I might be missing something).
>
> /niklas
