Self Signed Cert Issues

Questions dealing with specific FTP clients and Cerberus FTP Server.
titan90
Posts: 1
Joined: Fri Jan 04, 2013 1:28 pm

Self Signed Cert Issues

Post by titan90 » Fri Jan 04, 2013 2:03 pm

Hi,
I need to send files from my proxy server to Cerberus FTP Server using SSL. I create a cert in Cerberus and can verify the cert as valid in the program.

I then add the cert info to the CA Certificates section on the proxy as instructed - but cannot connect to the FTP server.
The error on the Cerberus side is:
[2013-01-04 12:27:57]:CONNECT [ 3] - Incoming connection request on FTP interface 0 at x.x.x.x
[2013-01-04 12:27:57]:CONNECT [ 3] - FTP connection request accepted from x.x.x.x
[2013-01-04 12:27:57]:COMMAND [ 3] - AUTH TLS
[2013-01-04 12:27:57]: REPLY [ 3] - 234 Authentication method accepted
[2013-01-04 12:27:57]: ERROR [ 3] - SSL accept error: A failure in the SSL library occurred, usually a protocol error: tlsv1 alert unknown ca
[2013-01-04 12:27:57]: ERROR [ 3] - Unable to establish SSL connection
[2013-01-04 12:27:57]: REPLY [ 3] - 421 Unable to negotiate secure connection
[2013-01-04 12:27:57]:CONNECT [ 3] - Connection terminated

Any ideas?
Thanks.

Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States

Re: Self Signed Cert Issues

Post by Serin » Sat Jan 05, 2013 3:33 pm

Hello,

That error usually means the client is rejecting the Cerberus FTP Server certificate because it doesn't recognize the CA that signed it. I don't know the particulars regarding how your proxy is validating certificates, but it may not be able to accept a self-signed certificate.
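
Added example (not part of the thread and not Cerberus code): a shell sketch using the openssl CLI that shows the client-side trust decision behind "tlsv1 alert unknown ca". The CN ftp.example.test, the file names and the function names are assumptions; it goes one step past the thread by also checking a certificate that was regenerated after the import.

```shell
#!/bin/sh
# Added example: the trust decision behind "tlsv1 alert unknown ca".
# The CN, file names and function names are constructed placeholders.

# Create a throwaway self-signed certificate and key at "$1.crt" / "$1.key".
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=ftp.example.test" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Self-signed means subject and issuer are the same name.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Exit status 0 only if certificate $1 chains to a trust anchor.
# $2 (optional) stands in for the client's CA certificate list; without it
# only the system default store is consulted.
client_trusts() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi
}

report() {  # $1 = label, remaining args = command to evaluate
    label=$1; shift
    if "$@"; then echo "$label: yes"; else echo "$label: no"; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir/server"   # certificate the server presents
    make_self_signed "$dir/regen"    # same CN, created again later
    report "server cert is self-signed" is_self_signed "$dir/server.crt"
    report "trusted with default store only" client_trusts "$dir/server.crt"
    report "trusted after importing that exact cert" \
        client_trusts "$dir/server.crt" "$dir/server.crt"
    report "regenerated cert trusted via old import" \
        client_trusts "$dir/regen.crt" "$dir/server.crt"
    rm -rf "$dir"
}

demo
```

Against a live server, `openssl s_client -starttls ftp -connect <host>:21 -CAfile <exported cert>` reports the same verification result for the certificate the server actually presents.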

kirk10
Posts: 1
Joined: Tue Feb 05, 2013 7:56 pm

Re: Self Signed Cert Issues

Post by kirk10 » Wed Feb 06, 2013 7:20 pm

Hello titan90,
I could not get FTPS to work either, but I did not try importing the cert like you have done. One thing I did notice in my logs, though: you may need to add port 990 to the host address. This is the listening port for FTPS on Cerberus; what I see with the initial connection is that it attempts to use FTP unless you specify the SSL port.

You should also check your firewall ACL that you are allowing port 990 to the Cerberus host.

Hope this helps.

Kirk
