Discuss (FTP) and (SFTP, FTPS and SCP), our Java file transfer clients.

com.enterprisedt.net.puretls.* javadoc missing

by gbw » Thu Sep 10, 2009 10:56 pm

by EDT Support » Fri Sep 11, 2009 10:50 am

by gbw » Fri Sep 11, 2009 5:30 pm

by support2 » Fri Sep 11, 2009 5:35 pm

by gbw » Fri Sep 11, 2009 5:50 pm

by support2 » Sat Sep 12, 2009 11:30 am

by EDT Support » Sat Sep 12, 2009 12:13 pm

FYI, the static method com.enterprisedt.net.ftp.ssl.SSLFTPClient.getServerCertificate(String,int) (http://www.enterprisedt.com/products/edtftpjssl/doc/api/com/enterprisedt/net/ftp/ssl/SSLFTPClient.html#getServerCertificate(java.lang.String, int)) queries the server for the SSL certificate and returns it as an .

- Hans (EnterpriseDT)

by gbw » Mon Sep 14, 2009 5:27 pm

Bruce, I didn't try to load the CA cert only since it is not my intention. My intention is to load the end certificate and it should be ok.
But anyway, there are lots of TLS implementations in which the servers do not send the whole cert in the certificate chain to the client but only their own certificate although it is not a self-signed one, so that I cannot import the CA cert on the fly.

Hans, that's a nice method. Will it return the end certificate only or the whole certs in the chain sent by the server?

by EDT Support » Mon Sep 14, 2009 5:54 pm

It only returns the end certificate.

by gbw » Mon Sep 14, 2009 5:55 pm

Hans, I tried the method you mentioned and got Read timed out.

com.enterprisedt.net.ftp.ControlChannelIOException: Control channel unexpectedly closed ('
at com.enterprisedt.net.ftp.FTPControlSocket.A(Unknown Source)
at com.enterprisedt.net.ftp.FTPControlSocket.E(Unknown Source)
at com.enterprisedt.net.ftp.FTPControlSocket.F(Unknown Source)
at com.enterprisedt.net.ftp.FTPControlSocket.<init>(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPControlSocket.<init>(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.connect(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.getServerCertificate(Unknown Source)

com.enterprisedt.net.ftp.ControlChannelIOException: Read timed out
at com.enterprisedt.net.ftp.FTPControlSocket.A(Unknown Source)
at com.enterprisedt.net.ftp.FTPControlSocket.E(Unknown Source)
at com.enterprisedt.net.ftp.FTPControlSocket.F(Unknown Source)
at com.enterprisedt.net.ftp.FTPControlSocket.<init>(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPControlSocket.<init>(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.connect(Unknown Source)
at com.enterprisedt.net.ftp.ssl.SSLFTPClient.getServerCertificate(Unknown Source)

SSLFTPCertificate cert = SSLFTPClient.getServerCertificate("demo.intra.net", 7135);

I rechecked the server name and port. It can be connected by openssl command line on the same host. I also tried to connect to a port on localhost but the same exception is thrown.

by EDT Support » Wed Sep 16, 2009 2:11 pm

by gbw » Wed Sep 16, 2009 6:18 pm

by EDT Support » Thu Sep 17, 2009 3:51 pm

What do you mean when you say that you can connect with OpenSSL? Which command did you execute?

Are you able to connect with ?

by gbw » Thu Sep 17, 2009 6:05 pm

I can connect with openssl with the command: openssl s_client -connect demo.intra.net:7135 -showcerts
The certificate will then be shown and I got FTP status OK. And I can connect with FileZilla as well.

$ openssl s_client -connect demo.intra.net:7135 -showcerts
CONNECTED(00000003)
[certificate stuff snipped]
---
220 Welcome to FTP server

by EDT Support » Thu Sep 17, 2009 6:18 pm

Ah, I see what's going on. FTPS is used to refer to two different protocols. They are described as "explicit FTPS" and "implicit FTPS". Explicit FTPS connects in plain FTP mode and then switches to TLS after the AUTH command is issued by the client. Implicit FTPS connects as a TLS socket, in other words the TLS handshake occurs immediately. SSLFTPClient.getServerCertificate() only works with explicit FTPS. This never actually occurred to me before, which is why I didn't mention it earlier.

Sorry to lead you up the garden path.
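
The two connection sequences described above, as an added example that is not part of the original thread and is not edtFTPj/SSL code: it uses only standard JSSE classes to capture the certificate chain a server presents in either mode and prints SHA-256 fingerprints for out-of-band comparison. The class name FtpsCertFetch and its method names are illustrative assumptions, and the accept-all trust manager exists only to capture the chain for inspection, not to protect a transfer.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.*;
import javax.net.ssl.*;

public class FtpsCertFetch {
    // Accept-all trust manager: ONLY for capturing the chain for inspection, never for transfers.
    static final TrustManager[] CAPTURE_ONLY = { new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] c, String a) {}
        public void checkServerTrusted(X509Certificate[] c, String a) {}
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }};

    // Read one (possibly multi-line) FTP reply and require the given three-digit code.
    static void expect(BufferedReader in, String code) throws IOException {
        String line = in.readLine();
        while (line != null && !line.matches("\\d{3}( .*)?")) line = in.readLine();
        if (line == null || !line.startsWith(code))
            throw new IOException("expected " + code + ", got: " + line);
    }

    static Certificate[] fetch(String host, int port, boolean implicit) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, CAPTURE_ONLY, null);
        try (Socket plain = new Socket(host, port)) {
            plain.setSoTimeout(10_000);
            if (!implicit) {
                // Explicit FTPS: plain-text greeting first, then AUTH TLS requests the upgrade.
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(plain.getInputStream(), StandardCharsets.US_ASCII));
                expect(in, "220");
                plain.getOutputStream().write("AUTH TLS\r\n".getBytes(StandardCharsets.US_ASCII));
                expect(in, "234");
            }
            // Implicit FTPS arrives here directly: the TLS handshake is the first thing on the wire.
            SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(plain, host, port, true);
            tls.startHandshake();
            return tls.getSession().getPeerCertificates();
        }
    }

    public static void main(String[] args) throws Exception {
        for (Certificate c : fetch(args[0], Integer.parseInt(args[1]), args[2].equals("implicit"))) {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
            String hex = String.format("%064x", new java.math.BigInteger(1, d));
            System.out.println(((X509Certificate) c).getSubjectX500Principal() + " sha256=" + hex);
        }
    }
}
```

Run it as `java FtpsCertFetch <host> <port> implicit` or with `explicit` as the third argument. Using the explicit path against an implicit port leaves the client waiting for a 220 greeting while the server waits for a ClientHello, so the read ends in a timeout.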