Commons-Net  FTPS : Trust All Certificates?

Hi,
I am using apache's common-net 3.1 to try and establish an ftps connection(port 990). I am trying to ftp directly into another computer (long story of why I have to do it this way, but i do). When I try to connect, I get a few security errors. Is there anyway to allow/trust all certificates or disable certificate verification?
Any help or suggestions (on maybe another library that can do this?) are greatly appreciated!
Edited by: 943461 on Jun 28, 2012 10:16 AM

Why are you using FTPS if you don't want it to be secure?
Solve the real problem: import the certificates.

Similar Messages

  • Connect to FTP site with Apache commons net FTP client through Proxy

    Hello,
    I am trying to run this simple code to connect to FTP site through a proxy.
    import org.apache.commons.net.ftp.FTP;
    import org.apache.commons.net.ftp.FTPClient;
    public class MyTest {
    public static void main(String[] args) {
    String ftpHostName = "ftp.xxx.com";
    int ftpPort = 21;
    String ftpUserName = "myUserName";
    String ftpPassword = "myPassword";
    System.setProperty("socksProxyHost" ,"10.148.0.131");
    System.setProperty("socksProxyPort", "1080");
    FTPClient ftpClient = new FTPClient();
    try {
    System.out.println("connecting");
    ftpClient.connect(ftpHostName, ftpPort);
    System.out.println("connected");
    System.out.println("loging in");
    boolean successLogin = ftpClient.login(ftpUserName, ftpPassword);
    if(successLogin)
    System.out.println("success login");
    else
    System.out.println("fail login");
    catch (Exception e) {
    e.printStackTrace();
    finally {
    try {
    System.out.println("loging out");
    ftpClient.logout();
    System.out.println("disconecting");
    ftpClient.disconnect();
    catch (Exception e) {
    e.printStackTrace();
    I am getting the following error:
    C:\temp\ftp\test>java.exe -cp ./commons-net-ftp-2.0.jar;. MyTest connecting
    java.net.SocketException: Malformed reply from SOCKS server
    at java.net.SocksSocketImpl.readSocksReply(SocksSocketImpl.java:87)
    at java.net.SocksSocketImpl.connectV4(SocksSocketImpl.java:265)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:437)
    at java.net.Socket.connect(Socket.java:519)
    at org.apache.commons.net.SocketClient.connect(SocketClient.java:176)
    at MyTest.main(MyTest.java:23)
    loging out
    java.lang.NullPointerException
    at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:471<ftp://FTP.java:471>)
    at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:534<ftp://FTP.java:534>)
    at org.apache.commons.net.ftp.FTP.sendCommand(FTP.java:583<ftp://FTP.java:583>)
    at org.apache.commons.net.ftp.FTP.quit(FTP.java:794<ftp://FTP.java:794>)
    at org.apache.commons.net.ftp.FTPClient.logout(FTPClient.java:697)
    at MyTest.main(MyTest.java:39)
    I am able to do this using a different FTP client library, ftp4j-1.5.1<ftp://ftp4j-1.5.1> using the following code:
    import it.sauronsoftware.ftp4j.FTPClient;
    import it.sauronsoftware.ftp4j.connectors.SOCKS4Connector;
    public class MyTestFtp4J {
    public static void main(String[] args) {
    String ftpHostName = "ftp.xxx.com";
    int ftpPort = 21;
    String ftpUserName = "myUserName";
    String ftpPassword = "myPassword";
    FTPClient ftpClient = new FTPClient();
    ftpClient.setConnector(new SOCKS4Connector("10.148.0.131", 1080));
    try {
    System.out.println("connecting");
    ftpClient.connect(ftpHostName, ftpPort);
    System.out.println("connected");
    System.out.println("loging in");
    ftpClient.login(ftpUserName, ftpPassword);
    System.out.println("success login");
    catch (Exception e) {
    e.printStackTrace();
    finally {
    try {
    System.out.println("disconecting");
    ftpClient.disconnect(true);
    catch (Exception e) {
    e.printStackTrace();
    So I know the proxy settings are correct.
    The java version I used to compile and run my apps is 1.6.0_06 Does anyone can help figure out what is wrong when I use the Apache commons net FTP client?
    Thank you
    Jon

    Is the old AirPort Extreme base station (AEBS)
    configured so that the option to distribute IP
    addresses is DISABLED? If so, configure the new AEBS
    to act as a bridge.
    Are you suggesting I use a set-up with TWO AEBSs? Set up a bridge (not sure how) and then use the old AEBS to connect to the DSL modem and broadcast to the new Extreme which will then be the router to the other computers on the network?
    Do you have any port mapping or default host enabled
    on the old AEBS?
    I do not understand, not do I see these options in the Base Station utitlity; perhaps they are in the FTP options--but that, I'm sorry to say, is not obvious to my inspection.
    Duane, can you give me a few more basic instructions? Thanks
    iMac 17    

  • Apache Commons Net FTP : ListFiles not displaying all dirs and files

    So I am doing this:
    FTPClient f = new FTPClient();
    f.connect("foo.bar.com");
    boolean login = f.login("User","Pass");
    FTPFile[] list = f.listFiles();
    When I doing a "list.length" I get 2. When I list it out it just shows that it retrieved the directories only. I know there are more files there....
    Here is the wierd thing. When I manually FTP from this Windows box and do a dir I only get the two listings. When I FTP from my linux box I get the full directory listing (those two directories and more files).
    Any ideas as to why I am not picking these up?
    Thanks,
    Michael

    File permissions / hidden / visible etc?

  • JNDI :: LDAP :: SSL :: howto trust all certificates

    hi @ all,
    currently i'm writing a jndi ldap wrapper java package which is intended to capsulate all the jndi stuff for the user of it so he only need to configure it's settings through a xml configuration file.
    now i'm on the point that i want to enable this package to communicate through a ssl secured connection. therefore i'v got two questions.
    first:
    how can i specify a keystore file other than the default jre keystore file to be used by jndi when connecting to the directory server through ssl?
    second:
    i do not like the default behaviour of the jsse which forces me and in fact all the future users of the package to having importet the server's certificate to such a keystore. i think this is not nice cause i want to enable my application to connect to the server independent to the certifacte it uses. it there any way to get the jndi (i think jsse in fact) to accept every certificate the server uses?
    it would be nice if someone could help me with this questions 'cause i did not get it working up to now.
    thx in advance
    dialsc

    morning,
    meanwhile i was able to answer the first question by my selfe.
    here's the answer:
    create a keystore with the following instruction:
    keytool -import -file server_cert.cer -keystore jssecacertsthan tell java to use the individual keystore with the following statement (before creating the DirContext):
    System.setProperty("javax.net.ssl.trustStore", "/path/to/the/individual/keystore/file/myKeystoreFile");that's it. now the ssl connection should work.
    but what about my second question. can anyone give a answer for it, please?
    regards
    dialsc

  • Apache Commons Net - Retrieve File - Extension, Compare , Move - FTP Server

    Dear All,
    I am using Apache Commons net FTP Library for FTP Operations. I had a few doubts
    1) I like to retrieve ftp files only with some extensions like *.txt or *.jpg etc. How can we retrieve files with specifying file extension?
    2) I need to compare the FTP Files with the local files before downloading from the FTP Server?
    3) I need to move files from the ftp server to local directory. Is there is anyway to move the files rather than first retrieve files from the FTP Server and then deleting the file in the FTP Server using FTP delete()
    Thanks,
    J.Kathiresan

    1) I like to retrieve ftp files only with some
    extensions like *.txt or *.jpg etc. How can we
    retrieve files with specifying file extension?
    List the files and then filter the list to those that you want to process.
    2) I need to compare the FTP Files with the local
    files before downloading from the FTP Server?Think about this one! To compare two files you nead to read both. If you do this on the client then you will have to copy the file from the server first!
    >
    3) I need to move files from the ftp server to local
    directory. Is there is anyway to move the files
    rather than first retrieve files from the FTP Server
    and then deleting the file in the FTP Server using
    FTP delete()What is wrong with copy then delete?

  • I can't "Trust all" a https certificate

    Hi,
    I'm facing this when trying to open a Oracle Forms (Java Applet) window. Basically I can't check the "Trust all applets" checkbox. I tried it using another browser, tried sudo, switched between 32 and 64 bit JVMs, but the checkbox won't be enabled. I'm running Mountain Lion and Java 1.6.0_33.
    Does anyone have any tips on what to do? I'm still trying to install an older java version, so if anyones knows how to it will also be very helpfull.
    PS: Sorry for the printscreen in portuguese, I hope the description is good enough.
    Thanks,

    Hi,
    I found why the checkbox was disabled. I was messing around the security configuration and found this:
    The three radio buttons controls from where you can install new apps, the options are Mac App Store only, App Store + Trusted developer and anywhere. When I changed it to  anywhere, the checkbox on the applet window got enabled.
    I should point it is not recommended to leave this configuration like this forever, so if you change it keep in mind that you might want to change it back after you manually trust the certifcates for the java applets.

  • Commons Net - List files with more than a wildcard "*" in path

    Hello everybody!
    I�m starting to use commons net library in a java project, and I have this doubt: I need to list files in a ftp server, for instance, like this �action*/slot*-qual*.txt�
    i.e., I want to list all the files like �slot (something) � qual (something) .txt�, in all directories beginning with �action (something)�.
    When I put this path in a variable named �path� and pass it to the listFiles method, it returns me a list of zero files. But, for instance, if I only pass the path �action*�, the listFiles returns me all the directories beginning with �action�, like action01, action02, etc. The same happens if I pass only �slot*-qual*.txt�, giving me all the files that respect the command, within a certain directory, like slot1-qual101010.txt, slot2-qual10.txt, slot3-qual1.txt, etc.
    So, there�s must me a method to do this kind of listing, isn�t it? Is it possible to list the files like this?
    If I put the command �ls action*/slot*-qual*.txt� in an ftp client that I use, I get the correct list that I need, so it works like this!
    Thanks a lot everybody!
    Andr� Augusto
    FTPClient ftp;
    FTPFile[] files;
    files=ftp.listFiles(path);
    for (int i=0; i<files.length; i++)
    logger.info("Index: "+i+ " -> Name: " +files.getName());

    Hello everybody!
    I�m starting to use commons net library in a java project, and I have this doubt: I need to list files in a ftp server, for instance, like this �action*/slot*-qual*.txt�
    i.e., I want to list all the files like �slot (something) � qual (something) .txt�, in all directories beginning with �action (something)�.
    When I put this path in a variable named �path� and pass it to the listFiles method, it returns me a list of zero files. But, for instance, if I only pass the path �action*�, the listFiles returns me all the directories beginning with �action�, like action01, action02, etc. The same happens if I pass only �slot*-qual*.txt�, giving me all the files that respect the command, within a certain directory, like slot1-qual101010.txt, slot2-qual10.txt, slot3-qual1.txt, etc.
    So, there�s must me a method to do this kind of listing, isn�t it? Is it possible to list the files like this?
    If I put the command �ls action*/slot*-qual*.txt� in an ftp client that I use, I get the correct list that I need, so it works like this!
    Thanks a lot everybody!
    Andr� Augusto
    FTPClient ftp;
    FTPFile[] files;
    files=ftp.listFiles(path);
    for (int i=0; i<files.length; i++)
    logger.info("Index: "+i+ " -> Name: " +files.getName());

  • Apache Commons Net deployment fails to resolve, JDev classpath question

    I wrote a wrapper to apache's most recent version of commons-net package (version 1.4.1) to allow me to execute FTP services from an Oracle 9i2 database. After adding the common-net .jar file to the JDev libraries, and including this library in my project, I debugged the code in Jdeveloper, then deployed to the Oracle 9i2 server. However, many classes of the of the common-net (and my code) failed to resolve in the database.
    After downloading open source product DependencyFinder, and running against the Commons-net .jar file, I found that some packages were dependent on the Apache ORO regexp package. The ORO package, as far as I can tell, is not in any classpath that my JDev project uses. There is listed in the JDev libraries, a library called Apache Regexp, but I did not include that in the project, either.
    After I downloaded the ORO package from Apache, added it to JDev's libraries, included it in my project, and added the ORO library to the list of classes to deploy (using the loadjava deployment profile), deployment to Oracle 9i2 of the my classes, the commons-net classes, and the ORO classes properly resolved.
    My question is: Why did my application work under JDeveloper? How and where did it find the ORO classes?
    The version of Java under which JDeveloper is running, and the version being used as the compiler for this project, is a new installation of JDK1.4.2_10.

    Since the commons net 1.4.1 is compatible with jdk 1.3.1, I should only need to use loadjava on the .jar file. In fact, that works, given that there is no failure on load due to incompatible .jar or .class files structure.
    But, I've just solved this part of the problem. The commons net 1.4.1 is dependent on, but does not include the Apache ORO library. Once the ORO library was deployed to Oracle 9i2, all common net 1.4.1 classes were resolved.
    The "problem" is with JDeveloper. Without including the ORO library in the JDeveloper application, or in the classpath, it worked under JDeveloper -- the more surprising since I had never downloaded the ORO library from Apache. Only after downloading ORO, explicitly defining ORO to JDeveloper, and including ORO as a library in my JDeveloper project, did the deployment of the application to Oracle 9i2 succeed (though the application always executed successfully under JDeveloper).

  • Commons net and retrieve complete dir structure

    Hi everybody,
    I'm using commons net from apache to connect and download files from a FTP site.
    I have a question: is there any easy (and quick above all...) function to get the complete directory structure of FTP site without using recursively the listFiles() method, which takes a LOT of time?
    I only need to syncronize a local dir structure to the FTP one. I don't need to download any file. Many thanks for your help.

    1) I like to retrieve ftp files only with some
    extensions like *.txt or *.jpg etc. How can we
    retrieve files with specifying file extension?
    List the files and then filter the list to those that you want to process.
    2) I need to compare the FTP Files with the local
    files before downloading from the FTP Server?Think about this one! To compare two files you nead to read both. If you do this on the client then you will have to copy the file from the server first!
    >
    3) I need to move files from the ftp server to local
    directory. Is there is anyway to move the files
    rather than first retrieve files from the FTP Server
    and then deleting the file in the FTP Server using
    FTP delete()What is wrong with copy then delete?

  • Always trust these certificates option no longer working

    Hello all,
    I'm using MacOS X 10.4.4. My firm uses a lot of sites with self-signed server and CA certificates. Safari, of course, pops up a box saying "this is signed by an unknown issuer" or somesuch. Showing the details of the certificates and then checking the "always trust these certificates" used to prevent that pop-up from showing again (after entering your password).
    Safari no longer does this, and each time I start Safari, I get the certificate warning even though I've checked the always trust box.
    This is a major annoyance. Does anyone have any idea how to get it to stop doing this and remembering my "always trust" click?
    Thanks,
    Doug

    I have only the "login" keychain, which was not locked when I ran Keychain Access.
    I'll try this again with the application open.
    Thanks,
    Doug

  • Firefox Displays "Peer's certificate has an invalid signature." SubCA shows "Could not trust this certificate for unknown reasons"

    Using a 2-tier on-premise PKI. Offline Root CA (Standalone Windows 2008 R2 Enterprise) and online SubCA for issuing certificates (Domain-Joined Issuing CA)
    ROOTCA certificate installed in the store and showing trusted (Uses a SHA2 signature and PKCS #1 SHA-256 With RSA Encryption algorithm)
    ISSUINGCA certificate installed in the store and showing "Could not trust for unknown reasons" also has SHA2 signature with RSASSA-PSS algorithm
    Issued certificate is for a Lync Front-End Web Server and when attempts are made to load the secure web connection. I receive the error "Peer's certificate has an invalid signature"
    I've completely de-installed and re-installed Firefox. Removed and re-added the ROOT and SUBCA certs. Note: No issues when using same certs in Internet Explorer 8, 9 or 10 on the same system. Lync client also using same certificates, no issues. Only when accessing the Lync Web Services from Firefox.
    Question: Does Firefox NSS Internal PCKS#11 Module support RSASSA-PSS SHA-256 with different hashes? How can I troubleshoot this further?

    HI khetheri,
    In order to better test the certificate may we request the certificate without the private keys? I have some backup from the security team if this is possible.
    There is a temporary work around as well but I don't recommend turning on all certificates to make sure it is not a compatibility error(ish)
    It is possible to check if it is being detected as a bad certificate in Firefox itself to eliminate compatibility issues.
    # In the [[Location bar autocomplete|Location bar]], type '''about:config''' and press '''Enter'''. The about:config "''This might void your warranty!''" warning page may appear.
    # Click '''I'll be careful, I promise!''', to continue to the about:config page.
    # Search for '''browser.xul.error_pages.expert_bad_cert ''' and set it to true to try the certificate normally.
    Looking forward to your reply!

  • Trusted CA Certificate Ignored When Connecting To Node Manager

    I have a question about Node Manager.
    I have the following configuration:
    OS: Linux (CentOS 5.4) 32bit
    Oracle WebLogic Server 11gR1 (10.3.2)
    Portal, Forms, Reports and Discoverer (11.1.1.2.0) - only Forms and Reports are installed and configured
    All configured components start successfuly, but I receive the following security related messages when I connect to Node Manager.
    java -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.TrustKeyStore=DemoTrust weblogic.WLST
    Initializing WebLogic Scripting Tool (WLST) ...
    Welcome to WebLogic Server Administration Scripting Shell
    Type help() for help on available commands
    wls:/offline> nmConnect('weblogic', <weblogic password>, 'icweb001', '5556', <domain name>)
    Connecting to Node Manager ...
    <Nov 25, 2009 3:35:35 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Nov 25, 2009 3:35:35 PM EST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    Successfully Connected to Node Manager.
    wls:/nm/DynaMed>I understand that the two BEA-090898 messages associated with the specified certificates are informational, but is there anything I can do to either,
    1) correct the certificate so the messages are not generated, or
    2) change my setup so that the messages are not displayed?
    Thanks in advance for your help.

    The certificates at issue belong to the $JAVA_HOME keystore in weblogic
    $JAVA_HOME/jre/lib/security/cacerts
    ttelesecglobalrootclass3ca, Feb 10, 2009, trustedCertEntry,
    ttelesecglobalrootclass2ca, Feb 10, 2009, trustedCertEntry,I was able to stop the warning messages from appearing when connecting to node manager, by removing these two certificates from the $JAVA_HOME/jre/lib/security/cacerts keystore.
    cd $JAVA_HOME/jre/lib/security
    cp -p cacerts cacerts.original
    chmod 644 cacerts
    keytool -delete -alias ttelesecglobalrootclass2ca -keystore cacerts
    keytool -delete -alias ttelesecglobalrootclass3ca -keystore cacerts
    chmod 444 cacerts cacerts.originalOnce the certs are removed from the keystore, the warning messages no longer appear when connecting to node manager.
    Some additional information on these two certificates can be found at:
    http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6803022Edited by: wblum on Feb 18, 2010 1:10 PM

  • Apache commons-net

    Hi
    I was using apache commons-net to FTP some files to an FTP server.
    I was able to login to the server. I want to know How can I move out from my root directory. Is it possible using apche coomons-net. The working directory displayed is only /home/myname.
    Thanks
    Prabhath Nair

    If you want to move to a sub-directory within your current root then could it possibly be the changeWorkingDirectory() command?
    P.S. You wont be able to move to some directory such as /etc because FTP servers constrain you to stay within a fixed root directory. Often, the home directory of the login name.

  • Trusting a certificate

    When trying to connect my firm's citrix site, I am getting the following error:
    You have chosen not to trust Go Daddy Class 2 Certification Authority,
    SSL error 61
    I checked and the certificate is there. I even tried deleting it and importing it again.
    I am using Ubuntu and Firefox 10. I do not have this error on my windows machines or my Macs.
    How do I trust this certificate. I am not given the option as in earlier version of FF to trust the certificate fro the website.

    That's a common, annoying error. Take a look at http://sslerror61.org/
    Yes, there is a website dedicated to it. If none of those solutions work, contact your network admin. They will know what to do. I can't do much without being in front of your computer.

  • HT5012 What is the necessity of using these trust root certificates ? In which scenario we can use these certificates?

    Hi all ,
    I would like to know about the trust store and trust root certificates . Please let me know why we have to use these certificates and in which scenario it could be helpful?

    Hi All,
    Please help me in advise for my query.
    Thanks,
    Sriram

Maybe you are looking for