- Downloaded the certificate.
address of ftp site https://www.gxsolc.com/public/EDI/us/support/TB/IEServiceChange030907.htm
sudo mkdir -p /etc/pki/tls/certs
- sudo aptitude install ftp-ssl
setup your own certificate on server http://ronbassett.com/articles/linux/creating-a-ssl-tsl-connection-for-ftp.html
export cert to curl
get the cert into your firefox browser. export it. You now have p12 file
openssl pkcs12 -in pki_cert.pem.p12 -out ca.pem -cacerts -nokeys
openssl pkcs12 -in pki_cert.pem.p12 -out client.pem -clcerts -nokeys
openssl pkcs12 -in pki_cert.pem.p12 -out key.pem -nocerts
Log in to: https://www.edisrvcs.com/ and change your password.
curl --cacert ca.pem --cert client.pem --key key.pem -k -v -u USER:PASS ftp://usa.ftptls.edisrvcs.com --ftp-ssl
# apt-get build-dep gftp
# apt-get install libssl-dev openssl
# apt-get source gftp
# cd gftp-2.0.18
  (this is the version number; it changes over time)
# vim debian/rules
  (or use nano, gedit or another editor) change the option on the 10th or 15th line from --disable-ssl to --enable-ssl
# debian/rules binary
  (it should now compile and pack all gftp packages)
# cd ..
# dpkg -i gftp*.deb
- Explicit SSL: When using explicit SSL, the FTP server allows SSL connections on the standard FTP port. This port is used for both FTP connections and FTP/S connections. To enter a secure SSL session, the FTP client must issue either the AUTH SSL or AUTH TLS command before the secure connection is established.
- Implicit SSL: When using implicit SSL, the FTP server listens on a specific port that is used only for SSL connections. By default this is port 990; however, any port may be used.
We recommend that you select Protocol Version TLS v.1.0 (SSL v3.1) because it has security enhancements that are not found in SSL v3.0. We also recommend that you enable Encrypt data channel by default to force encryption unless the client explicitly turns it off. The Enable CCC feature allows plaintext communication to occur, so this feature should be disabled in cases where encryption is always wanted. As a reminder, you must enable Require all FTP connections from the clients to be secure if you are using explicit SSL and do not wish to allow unsecured access to your server. Explicit SSL is the preferred standard, but either method is secure. (Explicit SSL is the recommended method for HIPAA compliance because implicit SSL is not formally adopted in an RFC.) If you enable Require Trusted Certificates, please be aware that this feature requires that all FTPS clients provide a trusted certificate to connect. This is the most secure method of connecting but it requires that trusted keys be distributed to each user offline, so it may not be practical.
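The settings above (AUTH before login, an encrypted data channel, CCC disabled) can be checked from the client side. The following is an added example, not part of the original notes: it audits an explicit-FTPS control-channel transcript in the "> sent / < received" form that curl -v prints. The function name, finding strings and sample transcript are constructed for illustration.

```python
import re

SENSITIVE = {"USER", "PASS"}  # credentials travel on the control channel
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}  # open a data channel

def audit(transcript):
    """Return findings for a client-side explicit-FTPS transcript (curl -v style)."""
    tls = prot_p = False  # control channel encrypted? data channel set to Private?
    pending = None        # last command sent, still waiting for its final reply
    findings = []
    for line in transcript.splitlines():
        if line.startswith("> "):
            parts = line[2:].split() or [""]
            verb = parts[0].upper()
            pending = (verb, [a.upper() for a in parts[1:]])
            if verb in SENSITIVE and not tls:
                findings.append(f"{verb} sent without an accepted AUTH")
            if verb in DATA_CMDS and not prot_p:
                findings.append(f"{verb} data channel not encrypted (no PROT P)")
        elif pending and (m := re.match(r"< (\d{3})(?: |$)", line)):
            # Final reply line only; "230-..." continuation lines do not match.
            (verb, args), pending = pending, None
            code = m.group(1)
            if verb == "AUTH" and code == "234":
                tls = True
            elif verb == "PROT" and code == "200":
                prot_p = args[:1] == ["P"]
            elif verb == "CCC" and code == "200":
                tls = False
                findings.append("CCC accepted: control channel back to plaintext")
    return findings

# Constructed sample: AUTH accepted, data channel protected, then CCC issued.
SAMPLE = """\
< 220 constructed FTP server ready
> AUTH TLS
< 234 AUTH command accepted
> USER alice
< 331 Password required
> PASS not-a-real-password
< 230 Logged in
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Protection level set to Private
> CCC
< 200 CCC accepted
> LIST
"""
```

Calling audit(SAMPLE) reports only the CCC downgrade; a transcript with no accepted AUTH is flagged at USER, PASS and every data command.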
openssl pkcs12 -in cred.p12 -out certkey.pem -nodes -clcerts
curl -E certkey.pem -k -s -u username:pass ftp://usa.somesite.com/ --ftp-ssl --list-only
curl -E certkey.pem -k -v -u username:password ftp://usa.somesite.com/ACCT.USERID/ --ftp-ssl --quote "cwd /#E2" -T filetoupload.txt
curl -E certkey.pem -s -u user:pass ftp://someaddress.com/ --ftp-ssl --list-only -v
< 220 intftps1 IE-FTP server (v4r3m0.k) ready on system USA.
> AUTH SSL
< 234 AUTH command accepted - proceed with Negotiation.
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection #0
- Solution, fixed, solved
The name 'SSL23*' makes me suspect that this is once again a problem with the automatic selection of SSL version 2 or version 3. I think it might help if you select which SSL version to use on the command line. Try with -2 or -3 and see if any of those makes it better.