Posted: 08 Nov 2008 11:11
Registered User
Posts: 26 Join Date: Nov 2008

I am using your product with ftpconnectssl. I have done the certload command and then issued the ftpconnectssl command. The log I get is:
Script Engine: Line 23: Executing certload. Parameter(s): "c:\certs\fifththird_cert.pem" "c:\keys\fifththird_key.pem"
Script Engine: Line 37: Executing ftpconnectssl. Parameter(s): "test_sift.53.com" 21 "CJCR" (not displayed)
220 ssgramihqsfts52:6021 FTP server (webMethods Integration Server version 6.5) ready.
AUTH TLS
234 AUTH TLS OK.
USER CJCR

The script just hangs up. I suspect this could be an error with the certificate. Is there any way to validate that?

Posted: 08 Nov 2008 11:26 Last Edited By: sysaxsupport
Moderator
Posts: 367 Join Date: Nov 2008

First of all, does the server require a client side certificate? Also could you send a copy of the script that you are running?

For the delay in getting back to you....been in a meeting. Yes the client is a bank who requires the cert. I've attached the script.

There appears to be a problem with the script attachment. Could you please email the script attachment to support@sysax.com ?

I got the script. So how was this certificate generated? Also, do you have access to the server logs for the ftp server?

Unfortunately the technician who created the certificate is not here and will not return until Monday. I will try to get an answer for you then. Thanks

Posted: 08 Nov 2008 11:27
Registered User
Posts: 26 Join Date: Nov 2008

The certificate was from Verisign and I believe that it was a pfx. We then attempted to use openssl to create pem files from it. We do not have access to the server logs since it is not our server.

Posted: 08 Nov 2008 11:34 Last Edited By: sysaxsupport
Moderator
Posts: 367 Join Date: Nov 2008

If this was a pfx file, could you try to directly load the pfx file using certload?
Are you running into the same problem after this?

Posted: 08 Nov 2008 11:40
Registered User
Posts: 26 Join Date: Nov 2008

The documentation is a little confusing....it says the certload must be in pem format. What is the format of the certload command when using a pfx file? I tried using:

certload "c:certsfifththird.pfx";

I got the following error....

Script Engine: Parse Error on line 25 - Incorrect number of parameters
ERROR: FTP script could not be parsed. 1 parse error(s)

Posted: 08 Nov 2008 11:52 Last Edited By: sysaxsupport
Moderator
Posts: 367 Join Date: Nov 2008

You could pass empty quotes for the second argument.

I've enclosed the script with the certload change. I've also enclosed the log. I don't see any change.

#*************************************************************
#
# Name: TRINTECHSIFT.fscr
#
# Desc: Upload a file to one Secure FTP server.
#       (1)Load digital certificate
#       ()Connect to the server,
#       (2)upload the file and disconnect.
# NOTE: For debugging, be sure to enable the log
#       file for the session used to schedule
#       this script.
# NOTE: Always verify that a script is doing
#       exactly what you wanted it to do,
#       before scheduling it as an automated
#       task to avoid unpleasant surprises!
#
#*************************************************************

# load digital certificate
# certload , [, optional: ];
# certload "c:certsfifththird_cert.pem","c:keysfifththird_key.pem";
certload "c:certsfifththird.pfx","";

# Try to connect to the Secure FTP server - 3 attempts max.
# If the connection was successful, exit out of the loop early.
# Otherwise, wait for 10 seconds and try again until the loop
# is exceeded (3 in our case)
# NOTE: Whenever a macro that starts with "ftp" is executed,
#       eg. ftpconnect, ftpsetpath, etc., the result of
#       the last executed macro is stored in the keyword
#       "ftpresult"
loop 3 begin
    ftpconnectssl();
    if(success eq ftpresult) begin
        exitloop;
    end
    else begin
        waitsecs(10);
    end
end

# Check if the ftpconnect command was successful.
# If the connect was not successful, print out an error
# message and end the script.
# NOTE: loop, if, and foreach statements must contain
#       enclosing "begin" and "end" blocks.
if(success ne ftpresult) begin
    print("ERROR: could not connect to server after 3 attempts");
    setexitcode(1);
    endscript;
end

# Set the desired local and remote paths
# NOTE: "local" and "remote" are keywords used to denote the local
#       and remote computers respectively.
# NOTE: Since "" is also used as an escape character to specify
#       printable quotes, local paths may be specified using a
#       double backslash like "c:myfolder"
ftpsetpath(local, "p:jobruntestmaindn");
if(success ne ftpresult) begin
    print("ERROR: could not set local path");
    ftpdisconnect();
    setexitcode(1);
    endscript;
end

ftpsetpath(remote, "/In/fifththird/inbound");
if(success ne ftpresult) begin
    print("ERROR: could not set remote path");
    ftpdisconnect();
    setexitcode(1);
    endscript;
end

# Set the transfer type to auto. Valid keywords are "ascii",
# "binary" and "auto".
# Also, set the rules to use if a duplicate file already exists
# in the destination path. The files may be compared by size or
# by date. This is indicated by the keywords "bysize" or "bydate".
# The following rule keywords may be specified: "resume", "rename"
# "overwrite", and "skip". Refer the help manual for the syntax of
# the "setduperules" macro.
settransfertype(auto);
setduperules(bysize, overwrite, skip, skip);

#upload the file to the ftp server
ftpupload(file, "CJCR_Test.txt");
if(success ne ftpresult) begin
    print("ERROR: could not upload file");
    ftpdisconnect();
    setexitcode(1);
    endscript;
end

# Finally, disconnect from the remote ftp server
ftpdisconnect();
setexitcode(0);
endscript;

====================log begin===================
Executing script C:SYSAXFTPAutomationscriptsTRINTECHSIFT.fscr
Script Engine: Line 25: Executing certload. Parameter(s): "c:certsfifththird.pfx" ""
Script Engine: Line 37: Executing ftpconnectssl. Parameter(s): "test_sift.53.com" 21 "CJCR" (not displayed)
220 ssgramihqsfts51:6021 FTP server (webMethods Integration Server version 6.5) ready.
AUTH TLS
234 AUTH TLS OK.
USER CJCR
====================log end=====================

It looks like some debugging may be involved here. Is there a way that our developers can log in to this server and debug this problem for you? Also, did you get a .cer file from Verisign when you purchased the certificate?

Posted: 08 Nov 2008 11:54
Registered User
Posts: 26 Join Date: Nov 2008

We did not get a .cer file from Verisign. What tool do you use to log into our server?

Posted: 08 Nov 2008 11:56
Moderator
Posts: 367 Join Date: Nov 2008

Our developers would use a debug version of ftpshell to run your script. It looks like all the information is already available in the script you sent us. Is it ok to connect to test_sift.53.com using the login and password in the script or does this server only allow certain IP addresses?

I'm a newbie with this type of data transfer so I am kinda learning how to walk here. If you don't have our certificate, how can you test the script?

Posted: 08 Nov 2008 11:58 Last Edited By: sysaxsupport
Registered User
Posts: 26 Join Date: Nov 2008

We can initially try to use a self generated certificate. But if the server does require it to be issued by a trusted third party provider, we will need to get a copy of your certificate.

I have been in contact with the bank. They seem to think the problem is with the certificate. They are going to send me another certificate that they use exclusively for testing. I will let you know how I make out. We plan on testing tomorrow.....

Posted: 08 Nov 2008 12:02
Registered User
Posts: 26 Join Date: Nov 2008

Attachment: DarrylPrivateKey.pem (0 kb); ManagedRootTestCA.pem (0 kb); ManagedIntermediateTestCA.pem (0 kb); DarrylRoyalPublicKey.pem (0 kb)

I've attached the new certs that can be used for testing. I'll send the password in a separate email. Please try the test and let me know the results. Thanks

Posted: 08 Nov 2008 12:04
Moderator
Posts: 367 Join Date: Nov 2008

The password is 5353.

Posted: 08 Nov 2008 12:09
Registered User
Posts: 26 Join Date: Nov 2008

Any progress testing the script with the test certificate I emailed you this morning?

Posted: 08 Nov 2008 12:12 Last Edited By: sysaxsupport
Moderator
Posts: 367 Join Date: Nov 2008

I received the email with the file attachments. I remember that one of our customers had problems with client side certificates because of the way they were converting them to pem format. Do you also have access to the original cert files from which these were generated?

Posted: 08 Nov 2008 12:15 Last Edited By: sysaxsupport
Registered User
Posts: 26 Join Date: Nov 2008

I do not. They gave me some .der files and I told them I needed .pem files. The bank then created the .pem files and sent them to me. Do you want the .der files? The bank has offered to do a conference with sysax. Is that something you would like to do?

Posted: 08 Nov 2008 12:18
Moderator
Posts: 367 Join Date: Nov 2008

Yes, having the der files will be helpful. Once our developers have debugged this, we can decide if we need to have the conference call with the bank.

Posted: 08 Nov 2008 12:22
Registered User
Posts: 26 Join Date: Nov 2008

I am on vacation next week. If we don't get this resolved tomorrow, I will not be available until April 23........thanks

Posted: 08 Nov 2008 12:25
Moderator
Posts: 367 Join Date: Nov 2008

I just wanted to update you on the debugging effort.
The following simple 3 line script was used for debugging:

certload "c:\\ManagedRootTestCA.pem", "c:\\DarrylPrivateKey.pem", "5353";
ftpconnectssl("test_sift.53.com", 21, "CJCR", "FifthThird");
ftpdisconnect;

When using pem files, we noticed that the problem was in loading the private key file (DarrylPrivateKey.pem). We used the following passphrase "5353". Could you verify that the pass phrase is correct?

Posted: 08 Nov 2008 12:46
Moderator
Posts: 367 Join Date: Nov 2008

As I mentioned in the message a week ago, our developers traced this to a problem in loading the private key file (DarrylPrivateKey.pem) using the following passphrase "5353".
At this point, you need to confirm that the passphrase is correct for the private key (DarrylPrivateKey.pem) or get a private key with no passphrase. We might also want to schedule a call with the bank if possible.
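
The two questions this thread keeps returning to, whether the private key loads with the given passphrase and whether it belongs to the certificate after a pfx-to-pem conversion, can be checked locally with the openssl command line before the FTP client is involved. The following is an added example, not part of the original thread and not Sysax code; the function names, file names and passphrases are constructed, and it assumes openssl is on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread. File names and passphrases are
# constructed. Passphrases travel in the environment (env:VAR) so they
# do not show up in the process list.

# pfx_to_pem PFX PFX_PASS OUT_CERT OUT_KEY KEY_PASS
# Split a PKCS#12 (.pfx) bundle into the client certificate and an
# encrypted private key, both in PEM format.
pfx_to_pem() {
    P12="$2" openssl pkcs12 -in "$1" -passin env:P12 \
        -clcerts -nokeys -out "$3" 2>/dev/null || return 1
    P12="$2" KP="$5" openssl pkcs12 -in "$1" -passin env:P12 \
        -nocerts -passout env:KP -out "$4" 2>/dev/null || return 1
}

# check_pair CERT KEY KEY_PASS
# Returns 0 = usable pair, 1 = key does not load with this passphrase,
#         2 = no readable certificate in CERT, 3 = key does not match CERT.
check_pair() {
    key_pub=$(KP="$3" openssl pkey -in "$2" -passin env:KP -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # The pair is consistent only if both files carry the same public key.
    [ "$key_pub" = "$cert_pub" ] || return 3
}

# make_demo DIR
# Build throwaway test material: a self-signed certificate with an
# encrypted key, a .pfx made from them, and an unrelated second key.
make_demo() {
    KP=demo-key-pass openssl req -x509 -newkey rsa:2048 -days 1 \
        -subj "/CN=constructed-client" -passout env:KP \
        -keyout "$1/orig_key.pem" -out "$1/orig_cert.pem" 2>/dev/null || return 1
    KP=demo-key-pass P12=demo-pfx-pass openssl pkcs12 -export \
        -inkey "$1/orig_key.pem" -passin env:KP -in "$1/orig_cert.pem" \
        -passout env:P12 -out "$1/client.pfx" 2>/dev/null || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other_key.pem" 2>/dev/null || return 1
}
```

A return code of 1 from check_pair means the key file could not be decrypted with the supplied passphrase; 3 means the key and certificate come from different pairs, which can happen when the wrong PEM file is picked after a conversion.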