Working with SSL certificates - WeOnlyDo Discussion board

Working with SSL certificates (wodFtpDLX / wodFtpDLX.NET)

by sisank, Saturday, September 11, 2004, 03:24 (7138 days ago)

Hello,

I am evaluating the WodFtpDlx product, and I can't make it work with SSL (Explicit) connection mode. I have tried all the examples given by WeOnlyDo but no luck. Can you help me with this?

All I want to do is to develop an FTP client (in VB) which works on the FTP/SSL protocol.

My Ftp Server is Serv-U which supports SSL Explicit and it doesn't require any Client side certificates.

Re: Working with SSL certificates

by wodSupport, Saturday, September 11, 2004, 03:26 (7138 days ago) @ sisank

Sisank,

we test mostly with Serv-U so I am confident this will work.

How can I duplicate your problem? Is your server online for me to try? Did you manage to connect to your server with any other FTP client application?

Regards.

Re: Working with SSL certificates

by wodSupport, Saturday, September 11, 2004, 04:03 (7138 days ago) @ wodSupport

I believe this is now fixed in 2.3.0.2.

Re: Working with SSL certificates

by ed, Tuesday, October 12, 2004, 21:10 (7107 days ago) @ wodSupport

I'm also evaluating this software for use in our company. The product will be used as an all-around secure/ftp client for communicating with different organizations.

Please pardon my ignorance as I am not very familiar with the whole certificates issue.

I set up OpenSSH on a Linux machine. I was able to SFTP into the Linux machine (no password) using the LoadKey method of the Certificate object. Where do certificates fit into all of this (how do I test)?

For a client application, would I need to use the Load method? A separate application will generate keys and certificates (if needed).

Is there a misprint in wodCertificate.chm on the Export method? The Description says: "Exports PKCS#12 file that holds certificate and public key". But in the remarks section: "...that will hold both certificate information and your private key..."

So far, I'm testing with ProtocolsEnum.SFTP. Any suggestions on how to set up a server for FTPSnodata, FTPSwithdata and FTPSimplicit?

Does FTPSnodata, FTPSwithdata and FTPSimplicit also deal with privatekey/certificates?

Re: Working with SSL certificates

by wodSupport, Wednesday, October 13, 2004, 01:09 (7106 days ago) @ ed

ed,

> I set up OpenSSH on a Linux machine. I was able to SFTP into the Linux machine (no password) using the LoadKey method of the Certificate object. Where do certificates fit into all of this (how do I test)?

wodCertificate is the object that deals with certificates and private keys for wodFtpDLX. In SSH/SFTP mode no certificate is actually used - only the private key, but in any case the same object (wodCertificate) is used for loading. If you change the protocol in wodFtpDLX later on, you would still use the same architecture (wodFtpDLX + wodCertificate), just adding one more Load call to make things work.

> For a client application, would I need to use the Load method? A separate application will generate keys and certificates (if needed).

I am not sure I understand, but I think the answer is yes. If you plan to authenticate with the private key, you will need to use wodCertificate to load that key, and then pass its reference to wodFtpDLX's Certificate property. Why do you try to avoid this?

> Is there a misprint in wodCertificate.chm on the Export method? The Description says: "Exports PKCS#12 file that holds certificate and public key". But in the remarks section: "...that will hold both certificate information and your private key..."

PFX files can hold both of these - usually it is used to export certificates (and private keys if they exist) from the Windows registry store to a file.
But forget about certificates for a moment. The SFTP protocol does not use them - it uses only private keys. If you know how the idea of SSL works (this is different than SFTP!), each side that has its certificate also contains the private key. The certificate holds the public key. If you don't have the private key, you cannot decrypt the data.
SFTP uses a similar technique, but doesn't use certificates (iow it doesn't need 'fancy' information about the client/server). It uses the public key (to be stored on the server) and the private key (that you hold in your hands).

> So far, I'm testing with ProtocolsEnum.SFTP. Any suggestions on how to set up a server for FTPSnodata, FTPSwithdata and FTPSimplicit?

You need a different server :) These are completely different technologies. I am not sure which server supports both (or all). For SFTP most tests are done with OpenSSH, which is purely an SSH/SFTP server. For FTPS (FTP+SSL) you can get Serv-U, for example.

> Does FTPSnodata, FTPSwithdata and FTPSimplicit also deal with privatekey/certificates?

Yup, they do - but only if you want to use client authentication with certificates. Aaand, it gets a bit more mixed up, you need to learn how these 'certificate issues' work. I'll be glad if I can help during that.

Regards.
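
The distinction drawn in the reply above, shown with one key pair as an added example (not WeOnlyDo code and not part of the thread): the SSH-style public key line carries only an algorithm name and key bytes, while the X.509 certificate used for SSL wraps the same public key with a subject and validity period, and the private key is stored in neither. Ed25519, the self-signed certificate and the name `ftps-client.example` are assumptions chosen for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"math/big"
	"time"
)

// AuthorizedKeyLine: what an SSH/SFTP server stores, algorithm name plus key bytes only.
func AuthorizedKeyLine(pub ed25519.PublicKey) string {
	var blob []byte
	for _, f := range [][]byte{[]byte("ssh-ed25519"), pub} {
		blob = binary.BigEndian.AppendUint32(blob, uint32(len(f))) // length-prefixed field
		blob = append(blob, f...)
	}
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob)
}

// SelfSignedCert wraps the same public key with identity data; priv only signs it.
func SelfSignedCert(priv ed25519.PrivateKey, cn string) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Demo builds both artifacts from one constructed key pair and reports what each holds.
func Demo() (sshLine, subject string, samePub, holdsPriv bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cert, err := SelfSignedCert(priv, "ftps-client.example") // constructed name
	if err != nil {
		panic(err)
	}
	return AuthorizedKeyLine(pub), cert.Subject.String(),
		bytes.Equal(cert.PublicKey.(ed25519.PublicKey), pub), bytes.Contains(cert.Raw, priv.Seed())
}

func main() { fmt.Println(Demo()) }
```

A PKCS#12 (PFX) file, by contrast, is a container that can bundle such a certificate together with its private key, which is why it is normally password-protected.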