FTP w/SSL ?

Similar Messages

• Ftp over ssl

  Hi All,
  I would like to check if it is possible to have a ftp server (ftp over ssl) hosted externally to be accessible via the cisco switches, routers etc? Can this result be achieved?
  Thanks
  Alex

  It should. Check out https://packetpros.com/cisco_kb/ios_http.html. Change the http commands to https.

• Does XI support FTP over SSL with Command AUTH TLS??

  Hi All,
  Can we change Command AUTH TLS to AUTH SSL in the Command Order of receiver FTP adapter when you select FTPS (FTP using SSL/TLS) for Controal and Data Connection??
  We are able to transfer business documents to bank's FTP server (Following RFC 2228 standards) using WS FTP Pro (I think follows RFC 959 and 1123 standards) which using AUTH SSL in Command order.
  We did go through SAP note 821267 (FAQ for XI 3.0 / PI 7.0 File Adapter)...question number 33 address about the "AUTH TLS" command. But we not getting the same error. We get different as in this forum:
  Re: Error: Message processing failed: FTPEx: PBSZ=0
  Can someone please confirm if this is the issue with FTP RFC standarads?? Or can we coustomize FTPS adapter to send AUTH SSL command??
  Thank you,
  Indrasena Janga

  Dear Andy,
  I am also looking for the same information.
  Could you please share with ,if u have got anything related....
  Hi Experts,
  Pls share your exp with us if u have any....
  Regards,
  Srinivas

• Data Transfer Port ranges in FTPS with SSL in File Adapter

  Hi,
  I would appreciate if you could give me pointers reagrding the below issue.
  We are on XI 3.0.
  For one interface, I have to configure the FTP File adapter to pick up the files from external server.
  The connection is secure and should be FTPS with SSL.
  I have the certificate from the 3rd party and have it installed on our XI development server.
  The change has been made in our firewall to allow the connection to the host IP and port 21 which is configured at the target party as Explicit FTPS port and they have allowed access to our Server IP in their firewall.
  I have configured other FTPS connections and they worked fine but this is the only one that has been giving me so much trouble.
  The error i get today is:
  Error occurred while connecting to the FTP server "60.234.48.106:21": java.net.SocketException: Connection reset
  Yesterday, i got the below error:
  Error occurred while connecting to the FTP server "60.234.48.106:21": iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
  The Vendor has suggested to get the firewall ports 21 and 28000:30000 (data transfer) to be opened.
  He has also provided with the certificate passphrase additionally to the user name and password needed to make the connection.
  When i tried the connection from the XI development to the vendor server, via the Telnet, it looked like it worked.
  Please advice.
  Regards,
  Archana

  >
  Archana Singhai wrote:
  > Hi,
  > I would appreciate if you could give me pointers reagrding the below issue.
  > We are on XI 3.0.
  > For one interface, I have to configure the FTP File adapter to pick up the files from external server.
  > The connection is secure and should be FTPS with SSL.
  > I have the certificate from the 3rd party and have it installed on our XI development server.
  > The change has been made in our firewall to allow the connection to the host IP and port 21 which is configured at the target party as Explicit FTPS port and they have allowed access to our Server IP in their firewall.
  > I have configured other FTPS connections and they worked fine but this is the only one that has been giving me so much trouble.
  > The error i get today is:
  > Error occurred while connecting to the FTP server "60.234.48.106:21": java.net.SocketException: Connection reset
  > Yesterday, i got the below error:
  > Error occurred while connecting to the FTP server "60.234.48.106:21": iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
  > The Vendor has suggested to get the firewall ports 21 and 28000:30000 (data transfer) to be opened.
  > He has also provided with the certificate passphrase additionally to the user name and password needed to make the connection.
  > When i tried the connection from the XI development to the vendor server, via the Telnet, it looked like it worked.
  > Please advice.
  > Regards,
  > Archana
  1. Open the port ranges. FTPS usually requires you to open ports in the range of 65024 through 65535 for Passive FTP data
  connections
  2. Use the CA name in the certificate. it should be same as of the host name of the FTPS server

• FTP over SSL connectivity in File Adapter

  Hi All,
    I request your suggestion on my problem.  I have a scenario idoc to file where I am connecting to my vendor server throught SFTP (Ftp over SSL).  In this my vendor specifically told that to obtain secure FTP connectivity to their server they require a pre-approved Secure FTP client be used to access the service.
  So as per this requirement first our XI server need to coneect to the pre-approved client and the connectivity will happen to the vender server.  He list the pre-approved client as below
  *Cleo Lexicom 2.1
  *TrailBlazer ZMOD FTP Client V3R1 PTF Level PFT3100034
  *QualEDI for Windows, 32-bit version
  *Ascential DataStage TX, Release 7.5
  *Future 3 - Advanced Communication Module Plus (ACM Plus)
  *eBridge FTPS Communicator for GXS version 5.3
  *Ipswitch Inc's WS_FTP Professional version 8.02.
  ·Robo-FTP version 3.2
  Please let me know will this be possible from our file adapter.  Currently as per this requirement we open up the port of XI server for SFTP connecvity but through this we can have host to host connection over SFTP and not sure whether we can connect to client software and from their to vendor sever.
  Kindly needful your suggestion/solution on this.
  Regards,
  Dhill

  Hi,
    Thank you,  Yes I have used FTPS only please find the below details given in the communication channel.
  <b>FTP Connection Parameters</b>
  Server: ServerName
  Port : 6366 (specified by vendor)
  Data connection : Passive
  Timeout(secs) : 65
  Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
  Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
  Keystore: service_ssl
  X-509 Certificate and Private Key: ssl-credentials
  User Name : Vendor user name
  Password: Vendor given password
  Connect Mode: Permanantly
  Transfer Mode: Text
  Maximum Concurrency: 1
  and also as per he list given by vendeor we can use *Ipswitch Inc's WS_FTP Professional version 8.02.
  <b>Note:</b> We have Deploying the SAP Java Cryptographic Toolkit and also CA certificate used to sign the server certificate added to the TrustedCAs keystore view.
  So If possible i request you to kindly provide the details how we need to specify the client software between our XI server and Vender server as you mentioned in your solution.
  Please let me know your mail id, i will forward the screenshot of my communication channel.
  Kindly appreciate your help on this.
  Regards,
  Dhill.

• How to use FTPs in SSL Sockets?

  hello Guy's
  can i transfer file using FTPs in ssl....
  need an urgent help in this reguard...

  Hi,
  you need to get new certificate for iWS. It not possible to use same certificate, which one you got for weblogic server.
  I hope this helps.
  Thanks,
  Dakshin.
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support.

• FTPs ON SSL in PI7.1?

  Hello All,
  In PI7.1 i think  FTPS (FTP using SSL/TLS) is enable, as i can see in adapter one option connection security in that we can select FTPS.
  so my question is its already there in PI7.1 so no need to deploy any SAP Java cryptographic toolkit  and Add the CA certificate to the key storage.
  if iam wrong please suggest me.
  if any worked on PI7.1 on FTPS, please let me know.
  Thanks,
  chinna

  Thanks for the reply.
  What exactly is this certificated to the keystore
  where we can find and where we need to deploy.
  Please tell me clearly.iam new to XI and i have to tell the client side to do this all.
  so i need to explain them exactly what to do from there side.
  Thanks and Regards,
  chinna

• FTPS ovr SSL Certificates setup

  Hello all,
  I did quite some research on SDN to get articles on setting up all configuration to do an FTPS over SSL.
  Here is where i Stand:
  I have downloaded the Partner's certificate and have got it into PIs Trusted Keystore,
  but when i try to execute the scenario i get an error in the AE: Failed in the Certificate Chain.
  Can anybody help me with this?
  Thanks in advance

  Have you checked this thread [Configure FTPS sender and reciver communication channel.; also check page 20 of this article 
  [https://www.sdn.sap.com/irj/scn/elearn?rid=/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9&overridelayout=true]

• FTPS/Implicit SSL connections filter

  BorderManager 3.8 on NetWare 5.1 - I have plenty of successful
  ftp-port-pasv-st exceptions that I use, but now I need one for an
  FTPS/Implicit SSL connection, which *should* user port 990. But when I
  define an exception (creating a new packet type, TCP, All source ports to
  990, stateful) I'm able to connect, but I cannot browse folders or transfer
  files. For grins I even tried making an exception for ALL TCP ports from my
  FTP PC to their server - oddly, that wouldn't allow me to connect at ALL.
  Drop filters, and I can get it to work just fine. I would do a TCPIP DEBUG =
  0, but when I do that, BorderManager usually crashes now, and last time it
  crashed, it would immediately abend on reboot, and it took me 4 hours to
  crawl out of this hole.
  I just recently got brave enough to make new filters again (it was making
  them all disappear every time I made a change for the longest time).
  Anyone have any experience with this form of FTP? I've done FTP of course,
  SFTP, and other secure FTP transfers, but this is the first vendor who want
  FTPS/Implicit SSL, which I understand is not nearly as prevalent as Explicit
  SSL.
  Thanks,
  Bruce

  On Feb 26, 3:19 pm, "Bruce Lautenschlager" <[email protected]>
  wrote:
  > Reference the crashes - NDS came up clean after a few passes - and I still
  > had the issues.
  >
  > I ended up running TCPVIEW on the workstation running WS_FTP Pro, and could
  > see that the little ******* was opening up various ports from 1700 up.
  > Different with every file. That blows. SFTP works on the same ports every
  > time - but apparently this wasn't. Whatever. Maybe someday we'll have a realsecurestandard. Right now I transfer about every way known to man,
  > including PGP and VPN. (But WS_FTP can't script PGP, hence I do a lot of
  > SFTP and now this FTPS).
  >
  > I ended up making two non stateful exceptions on all ports from myFTPPC to
  > theirFTPserver. Not the best solution....but - here's why I just needed
  > something to hold me over for a week or two -
  >
  > After many years of BorderManager (and NetWare servers in general), I'm
  > finally getting to do what they hired me for some years back - migrating to
  > complete AD environment, including dual ISA 2006 Enterprise servers to
  > replace BorderManager. I already did the NWSAA to HIS conversions. ZFD is
  > about to give way to Desktop Authority. By next year, only GroupWise will
  > remain (and probably not on NetWare OS), and since I only provide the web
  > portion of that, what happens to that is of little concern to me.
  >
  > I appreciate all the help you've doled out over the years - especially Craig
  > (and the very helpful book I finally bought a couple of years ago). No
  > Novell bashing here...just going in a different direction.
  >
  > Thanks for your help,
  > Bruce
  >
  > "Craig Johnson" <[email protected]> wrote in message
  >
  > news:[email protected]...
  >
  > > In article <[email protected]>, Bruce
  > > Lautenschlager wrote:
  > >> I just recently got brave enough to make new filters again (it was making
  > >> them all disappear every time I made a change for the longest time).
  >
  > > Sounds like you have some NDS issues there that should be looked at.
  >
  > >> Anyone have any experience with this form ofFTP? I've doneFTPof
  > >> course,
  > >> SFTP, and othersecureFTPtransfers, but this is the first vendor who
  > >> want
  > >> FTPS/Implicit SSL, which I understand is not nearly as prevalent as
  > >> Explicit
  > >> SSL.
  >
  > > It seems to me that there are two flavors ofsecureFTP. One uses SSH,
  > > and
  > > just tunnelsFTPthrough an SSH connection. This is easy since you only
  > > need
  > > to allow port 22 through. The other seems to be like what you are seeing,
  > > and
  > > is using different ports than standardFTP, but still working likeFTPin
  > > terms
  > > of using more than one port (for control versus data). This second type
  > > can be
  > > very hard to work with since there is no statefulFTPexception to work
  > > with
  > > it.
  >
  > > I would solve the TCP debug issue first, and just grab the filtered ports
  > > and
  > > add exceptions accordingly. If your exception of all TCP to the target
  > >server
  > > failed, it may be because you also need one for traffic FROM the target
  > >server.
  > > (And your interface selections may have been done incorrectly in the
  > > exception
  > > you tried).
  >
  > > Craig Johnson
  > > Novell Support Connection SysOp
  > > *** For a current patch list, tips, handy files and books on
  > > BorderManager, go tohttp://www.craigjconsulting.com***
  The problem here is that each time you do a directory listing or try
  to upload/download a file in FTP protocol you are using a passive
  client connection. With each passive connection the server assigns a
  port that the client should connect to for initiating the transfer.
  Unless you specify a port range to use within the FTP server software,
  this is generally a random open port on the server > 1024. Naturally,
  this can make configuring your firewall a bit more difficult :( The
  solution to this is to configure your server to use a fixed port range
  for passive FTP connections e.g. 1200-1300. Then in your firewall you
  can configure it to allow inbound connections on these ports. Most
  servers support passive port range configuration. see your server
  docs for details on how to do this. One such platform-independent
  server that supports this is jscape secure ftp server ...
  http://www.jscape.com/secureftpserver/
  Hope this helps.
  Rich

• Dreamweaver (on Windows 7) wont connect to IIS (v7) Server using "FTP over SSL/TLS..."

  I am evauating wether to purchase Dreamweaver CS6...
  Dreamweaver CS6 trial (on Windows 7) wont connect to IIS (v7) Server using "FTP over SSL/TLS (explicit encryption)".  I have a NEW Godaddy SSL certificate installed on the IIS server. 
  On connecting Dreamweaver states: "Server Certificate has expired or contains invalid data"
  I have tried:
  -ALL the Dreamweaver Server setup options
  -Using multiple certificates (tried 2048 bit and 4096 bit Godaddy SSL certificates)
  -Made sure the certificate 'issued to' domain name matches my domain name.
  I am able to connect no problem using Filezilla, with equivalent Filezilla setting "Require explicit FTP over TLS".  I can also connect fine using Microsoft Expression web. 

  Thanks for your prompt reply.
  My comments:
  1) You should update your tread (forums.adobe.com/thread/889530) to reflect that it still occurs on CS6 (I had already read it but figured it was an old tread and thus should be fixed by now). 
  2) You said “These warnings will also pop up for your users if you have a store saying the SSL certificate does not match the domain/ip and this can make users checking out in a storefront very nervous” .  This does not seem to be correct – my https pages display properly using the same Godaddy certificate … using IE:
  3) Godaddy is not my host (I use Amazon AWS) – but the SSL certificate is from them.

• FTP w/ SSL or SFTP configuration?

  Is it possible to add SSL functionality to the OS X Server FTP service? If not, is there a way to easily configure SFTP to lock users into certain folders? I would like to give FTP w/ SSL or SFTP access to some people on the net, but definitely want to lock them into a specific folder and its subfolders.

  I spent some time looking into Pure-FTPd. I found that while it supports SSL/TLS for the username/password, it doesn't encrypt the data!
  I posted on the Pure-FTPd mailing list and mentioned it seemed strange that they supported encryption for the user/pass but not the data being sent/received - theory being, if something is important enough to protect w/ an encrypted user/pass, isn't it worth keeping it from being sniffed?
  I got a reply that there is a patch someone posted to the mailing list which also applies the SSL/TLS to the data. My next project is to see if I can get that patch compiled and tested.

• Help! Unable to FTP into SSL Server

  PLEASE HELP!
  I lease a secure server that -- for years -- I used to be able to access flawlessly via FTP with Fetch in Passive mode.
  For some reason, I can no longer access this server from either of my Macs, as I have been doing for years. I've changed nothing on my Macs, except for downloading and installing Apple's various "patches"... which leads me to think that this is the culprit.
  I've double checked my DSL modem... my DSL service... even my Hosting provider has double-checked everything... all is well. I can access the SSL server on a different machine without issues, and can even access other non-SSL servers just fine with either of my Macs. BUT... when I try to access my SSL server, I ALWAYS get the same error message:
  "Can't build data connection: Connection timed out."
  I've even tried a half-dozen other FTP programs... ALWAYS the same results. (Even if I go to a local coffeeshop and, using my wireless connection, use a completely different service provider... I STILL get the same results!!!
  THIS leads me to suspect something is obviously wrong here... but I am completely stumped.
  If anyone can offer me any enlightenment or, ideally, help me solve this issue. I'll put in a good word for you with the Honcho upstairs!
  Thanks,
  Jeff
  P.S. I'm using two different Macs... always getting the same results:
  15" Powerbook G4/1 Ghz w/OS X 10.3.9 and
  PowerMac G4/533 Mhz w/OS X 10.2.8...
  ... each with FAR more RAM and Disk Space than is even a concern!
  P.P.S. I'm also including a Session Log as reference... the username, password, IP address and domain name are bogus, but the rest is actual.
  =========
  Connection attempt 1:
  Connecting ssl.domainname.com (123.45.67.890)
  220 host.domainname.com FTP server (Version wu-2.6.1-16) ready.
  USER username
  331 Password required for username.
  PASS ******
  230 User username logged in. Access restrictions apply.
  SYST
  215 UNIX Type: L8
  Remote system is UNIX - text files transfer optimization is ON
  MACB ENABLE
  500 'MACB ENABLE': command not understood.
  PWD
  257 "/" is current directory.
  PORT 10,0,0,5,192,111
  200 PORT command successful.
  LIST
  425 Can't build data connection: Connection timed out.
  15" G4/1 Ghz Powerbook Mac OS X (10.3.9) PowerMac G4/533 Mhz (running 10.2.8)
  15" G4/1 Ghz Powerbook Mac OS X (10.3.9)
  15" G4/1 Ghz Powerbook   Mac OS X (10.3.9)  

  Hi Jeff,
  Curiously, do you have a firewall up and running at home? Have you checked to see if port 21 (for FTP) is open and/or forwarded?
  I couldn't access a FTP server which I used to visit (prior to getting broadband access) and realized that I needed to forward port 21 in my router settings to properly connect.
  Also, are Sharing settings/privileges set correctly?
  Hope this helps a little...
  Steve

• FTP and SSL

  I need to set up a filter exception to allow secure FTP. The company gave us a port of 5640 so I'm not real sure on the filter exception with SSL over FTP. I couldn't find anything that references that in Craig's book. I know it connects with the filters down so that has been tested. It's running on NW 6.5 BM 3.8 sp4 (I believe)
  Thanks
  Al

  Originally Posted by Craig Johnson
  In article <[email protected]>, Abens wrote:
  > By the way hope brainshare went well for you. Didn't get out this
  > year.
  >
  Yes, it went well.
  This year I did a session on iFolder 3.6 instead of BorderManager.
  After speaking on BMgr for 8 of the last 9 years (and migrating from BM
  to Astaro the other year), I kind of ran low on topics to cover with
  BM!
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***
  Sorry I missed it this year, but those things happen.
  I did resolve this problem though. Apparently after we did the secure FTP connection to the company and authenticated their FTP server sent the list command out of a different port. They only gave me port 5640 for the secure port. After talking to them they also use a range of 5700 - 5704. So I created the filters with ports 5640 -5704 and the source ip address and the tunnel problem on the list command worked. The only thing that I could come up with is they used 5640 to come in and authenticated but used one of the other ports for response.
  Does this make sense?
  Also sent you an e-mail on some consult time, for BES and BM but I got that resolved also.
  Thanks for the help
  Al

• Java Client FTP with ssl and fxp

  Hy, I make java ftp client that supports ssl and fxp. I found for ssl something but nothing for fxp. Do you have any information for me regarding java and fxp?
  Best regards

  is this going over the internet, a private connection. a vpn over the internet? are there any logs that show any ftp error codes? if there is a firewall in play, does it show any logs on this connection?

• FTP with SSL cert on ACNS via WCCP

  I have a client using an SSL cert to connect to an ftp server. The user is being redirected to a CE-511 via WCCP v2 but the FTP connection does not work. If I bypass the user (in my wccp acl) it works fine - following a default route to my PIX.
  Any info, good or bad will be greatly appreciated.
  - Matt

  What is the software version running on the CE-511. Did you try upgrading to the latest version of the firmware. This should solve the issue.