
Self Signed Cert Issues

Posted: Fri Jan 04, 2013 2:03 pm
by titan90
Hi,
I need to send files from my proxy server to Cerberus FTP Server using SSL. I create a cert in Cerberus and can verify the cert as valid in the program.

I then add the cert info to the CA Certificates section on the proxy as instructed - but cannot connect to the FTP server.
The error on the Cerberus side is:
[2013-01-04 12:27:57]:CONNECT [ 3] - Incoming connection request on FTP interface 0 at x.x.x.x
[2013-01-04 12:27:57]:CONNECT [ 3] - FTP connection request accepted from x.x.x.x
[2013-01-04 12:27:57]:COMMAND [ 3] - AUTH TLS
[2013-01-04 12:27:57]: REPLY [ 3] - 234 Authentication method accepted
[2013-01-04 12:27:57]: ERROR [ 3] - SSL accept error: A failure in the SSL library occurred, usually a protocol error: tlsv1 alert unknown ca
[2013-01-04 12:27:57]: ERROR [ 3] - Unable to establish SSL connection
[2013-01-04 12:27:57]: REPLY [ 3] - 421 Unable to negotiate secure connection
[2013-01-04 12:27:57]:CONNECT [ 3] - Connection terminated

Any ideas?
Thanks.

Re: Self Signed Cert Issues

Posted: Sat Jan 05, 2013 3:33 pm
by Serin
Hello,

That error usually means the client is rejecting the Cerberus FTP Server certificate because it doesn't recognize the CA that signed it. I don't know the particulars regarding how your proxy is validating certificates, but it may not be able to accept a self-signed certificate.
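
The pattern in the posted log (AUTH TLS accepted with 234, then an SSL accept error naming a TLS alert) can be picked out per session with a short script. This is an added example, not part of the thread and not Cerberus tooling: the line layout is taken from the log in the first post, while the session 4 lines and the alert hint table are constructed assumptions.

```python
import re
from collections import defaultdict

TS = r"\[\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\]:"
# One entry: [timestamp]:LEVEL [ session] - message. The lookahead ends a message
# at the next timestamp, so entries run together on one line are still separated.
ENTRY_RE = re.compile(
    TS + r"\s*(?P<level>\w+)\s*\[\s*(?P<sid>\d+)\]\s*-\s*(?P<msg>.*?)(?=" + TS + r"|\Z)", re.S)
ALERT_RE = re.compile(r"(?:tlsv1|sslv3) alert (?P<name>[a-z ]+)")

# Assumed hint table: alerts sent by the peer (here, the FTP client) and the usual cause.
ALERT_HINTS = {
    "unknown ca": "client does not trust the CA that issued the server certificate",
    "bad certificate": "client could not verify the server certificate",
    "certificate expired": "client considers the server certificate expired",
    "protocol version": "client and server share no TLS protocol version",
}

# Session 3 is the log from the post; session 4 is constructed for contrast.
SAMPLE_LOG = """
[2013-01-04 12:27:57]:CONNECT [ 3] - Incoming connection request on FTP interface 0 at x.x.x.x
[2013-01-04 12:27:57]:CONNECT [ 3] - FTP connection request accepted from x.x.x.x
[2013-01-04 12:27:57]:COMMAND [ 3] - AUTH TLS
[2013-01-04 12:27:57]: REPLY [ 3] - 234 Authentication method accepted
[2013-01-04 12:27:57]: ERROR [ 3] - SSL accept error: A failure in the SSL library occurred, usually a protocol error: tlsv1 alert unknown ca[2013-01-04 12:27:57]: ERROR [ 3] - Unable to establish SSL connection[2013-01-04 12:27:57]: REPLY [ 3] - 421 Unable to negotiate secure connection
[2013-01-04 12:27:57]:CONNECT [ 3] - Connection terminated
[2013-01-04 12:30:00]:COMMAND [ 4] - AUTH TLS
[2013-01-04 12:30:00]: REPLY [ 4] - 234 Authentication method accepted
[2013-01-04 12:30:01]:COMMAND [ 4] - USER demo
"""

def parse_entries(log_text):
    """Return (session_id, level, message) tuples in log order."""
    return [(int(m["sid"]), m["level"], m["msg"].strip()) for m in ENTRY_RE.finditer(log_text)]

def failed_tls_sessions(log_text):
    """Map session id -> (alert, hint) where the handshake failed after AUTH TLS."""
    sessions = defaultdict(list)
    for sid, level, msg in parse_entries(log_text):
        sessions[sid].append((level, msg))
    findings = {}
    for sid, entries in sessions.items():
        saw_auth = False
        for level, msg in entries:
            saw_auth = saw_auth or (level == "COMMAND" and msg.upper().startswith("AUTH TLS"))
            alert = ALERT_RE.search(msg) if level == "ERROR" and saw_auth else None
            if alert:
                name = alert["name"].strip()
                findings[sid] = (name, ALERT_HINTS.get(name, "alert not in hint table"))
    return findings
```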

Re: Self Signed Cert Issues

Posted: Wed Feb 06, 2013 7:20 pm
by kirk10
Hello titan90,
I could not get FTPS to work either, but I did not try importing the cert like you have done. One thing I did notice in my logs, though: you may need to add port 990 to the host address. This is the listening port for FTPS on Cerberus; what I see with the initial connection is that it attempts to use FTP unless you specify the SSL port.

You should also check your firewall ACL that you are allowing port 990 to the Cerberus host.

Hope this helps.

Kirk