Sidebar

Can QIE connect to a FTPS server that has an expired Certificate?

0 votes
414 views
asked Aug 15, 2017 by brandon-w-8204 (31,300 points)
edited Nov 18, 2020 by brandon-w-8204
I get an error "234 AUTH command OK. Initializing SSL connection. java.security.cert.CertificateExpiredException: NotAfter:" error when I try to connect to a FTPS site that has an expired Certificate. However I can use other FTP applications and it will connect.

1 Answer

0 votes

QIE can accept an expired certificate if it is in a Java truststore and specified on the FTP connection.

1. Download the FTPS certifcate

Us FireFTP add-on for FireFox which enables FTPS protocol and stores certificate in FireFox default store. Install add-on and just type in address bar ftps://your.site and connect. Then export the certificate from tools->options->advanced->encryption->vew certs.

OpenSSL has a command line you can use to get the certificate

openssl s_client -showcerts -connect ftp.site.com:990

2. Create a Java truststore

1. Import the .cer file into qie under the certificates.
2. Export the certificate as a Java Key Store and set a password.
3. Save the .jks file in a location that QIE can access on the qie server. Example: C:\programdata\qie\SSL

3. Add the Custom Camel Parameter.

ftpClient.trustStore.file = C:\programdata\qie\SSL\javatruststore.jks
ftpClient.trustStore.type = JKS
ftpClient.trustStore.algorithm = SunX509
ftpClient.trustStore.password = jksPassword

answered Aug 15, 2017 by brandon-w-8204 (31,300 points)
edited Dec 15, 2020 by brandon-w-8204
...