The Ftp-j module supports explicit and implicit SSL. It also supports X.509 certificates. The certificates (client or server) are handled internally by Sun's Java API, and the user manages them directly from the command line using Java's keytool utility.
Keytool is located in the [install_directory]\jre\bin subdirectory. Open a DOS command prompt on Windows, or a terminal on Unix/Mac OS X, and type in:
cd [install_directory]\jre\bin
Then, at the prompt, type in:
keytool -help
If you see a list of commands, keytool is installed and working correctly.
Setting up a Key Store
The Key Store contains all the certificates (client or server) that you can use to connect to Ftp Servers. If no Key Store exists, a default Key Store will be automatically created when you first import or create a certificate using the -import or -genkey commands. The default keystore file name is .keystore, and it is located in the user's home directory.
In the Ftp SSL tab, you will be required to enter the full path to this keystore file.
Importing a Certificate
Use the following command to import an existing X.509 certificate:
keytool -import -alias joe -file c:\......\certificate_file.cer
Make sure that certificate_file.cer exists and that the full path you entered to it is correct. The import command will automatically create a keystore if none exists. It will also prompt you for a keystore password. Make sure to enter a password and DO NOT FORGET this password.
In the Ftp SSL tab, you will be required to enter this keystore password.
Generating a Certificate
If you do not have an existing certificate and private key, use the following command to generate a new key pair and certificate:
keytool -genkey -alias joe
Then follow the instructions. Keytool will request a password for the private key. DO NOT FORGET this password. This command creates a self-signed certificate that includes the public key information. This certificate is associated with the private key in the keystore entry referred to by the alias "joe". The default key created by the genkey command is DSA 1024.
Exporting a Certificate
Use the following command to export the public certificate for the alias joe:
keytool -export -alias joe -file certificate_file_path
Then give the public certificate file to the Ftp Server administrator.
The format of the key (DSA or RSA) is very important.