
Handshake Failure in FTPS scenario with filezilla server


Hello.

I'm working on a PO 7.31 landscape, development environment.

I'm trying to configure a scenario where the sender is a filezilla server and it needs to be accessed securely, using SSL certificates.

Since this is still in the development stage, I thought there was no need yet to pay for a certificate and that a self-signed cert from the filezilla server should be enough. But no, I still can't connect to the FTP server, and I have tried almost everything, even using getacert, a free CA for testing.

I've read a lot of threads and notes but nothing seems to work.

 

Here is what I have done so far:

 

From PO side:

* ensure PO server can reach filezilla server

* ensure proper usage of sapcryptolib (5.5.5pl32)

* use filezilla server IP address as server in comm channel config

* use port 21 in comm channel config

* use conn security FTPS for control and data connection in comm channel config

* left X.509 for client auth unchecked in comm channel config

* set valid user and password in comm channel config

* use connect mode per file transfer in comm channel config

* use transfer mode binary in comm channel config

* install self-signed cert from filezilla server on TrustedCAs storage view.

* also install getacert ca certificate on TrustedCAs storage view.

* create a view and install there a PKCS#12 key pair signed by getacert.

* enabled debug level on every related log to ensure I am not missing error/exceptions details.

 

From filezilla side (I have control of it):

* enabled FTPS

* allow explicit FTP over TLS

* left disallow plain unencrypted FTP unchecked

* left force PROT P unchecked

* generate self-signed cert with IP address as CN

* also import pkey and cert signed by getacert, with password

* ensure I can access the FTP server using explicit TLS with several clients (Total Commander FTP client and WinSCP)

 

PO log has only the following trace for each time the comm channel tries to connect:

#2.#2014 11 26 16:08:41:878#0-500#Error#com.sap.aii.security.lib.net.ssl.impl.IAIKSSLSocketFactoryImpl$SSLSocketImpl#

#BC-XI-CON-AFW-SEC#com.sap.aii.sec.lib#C0000AE71264117C0000000000640062#3264651000070643##com.sap.aii.security.lib.net.ssl.impl.IAIKSSLSocketFactoryImpl$SSLSocketImpl#Guest#0##515A9FDB742811E4B67782289DAD6D0B#515a9fdb742811e4b67782289dad6d0b#515a9fdb742811e4b67782289dad6d0b#0#XI File2XI[FTPSSenderTest/OrgFTPSite_D/]_15877#Plain##

ssl_debug(45): Starting handshake (iSaSiLk 4.403)...

ssl_debug(45): Sending v3 client_hello message to 10.8.37.42:21, requesting version 3.1...

ssl_debug(45): IOException while handshaking: Connection closed by remote host.

ssl_debug(45): Sending alert: Alert Fatal: handshake failure

ssl_debug(45): Shutting down SSL layer...

#

 

#2.#2014 11 26 16:08:41:878#0-500#Error#com.sap.aii.adapter.file.File2XI.invoke()#

com.sap.SOA.apt_file.0002#BC-XI-CON-AFW#com.sap.aii.af.lib#C0000AE71264117C0000000200640062#3264651000070643##com.sap.aii.adapter.file.File2XI.invoke()#Guest#0##515A9FDB742811E4B67782289DAD6D0B#515a9fdb742811e4b67782289dad6d0b#515a9fdb742811e4b67782289dad6d0b#0#XI File2XI[FTPSSenderTest/OrgFTPSite_D/]_15877#Plain##

Channel FTPSSenderTest: Error connecting to ftp server '10.8.37.42': java.io.EOFException: Connection closed by remote host.#

 

 

filezilla server log says as follows:

(000001)26/11/2014 04:07:40 p.m. - (not logged in) (10.77.12.40)> Connected, sending welcome message...

(000001)26/11/2014 04:07:40 p.m. - (not logged in) (10.77.12.40)> 220-FileZilla Server version 0.9.41 beta

(000001)26/11/2014 04:07:40 p.m. - (not logged in) (10.77.12.40)> 220-written by Tim Kosse (Tim.Kosse@gmx.de)

(000001)26/11/2014 04:07:40 p.m. - (not logged in) (10.77.12.40)> 220 Please visit http://sourceforge.net/projects/filezilla/

(000001)26/11/2014 04:07:40 p.m. - (not logged in) (10.77.12.40)> AUTH TLS

(000001)26/11/2014 04:07:41 p.m. - (not logged in) (10.77.12.40)> 234 Using authentication type TLS

(000001)26/11/2014 04:08:40 p.m. - (not logged in) (10.77.12.40)> 421 Login time exceeded. Closing control connection.

(000001)26/11/2014 04:08:40 p.m. - (not logged in) (10.77.12.40)> disconnected.

 

I'm thinking it might be the SSL version: PO is requesting version 3.1, but I don't know which SSL version the filezilla server is using; I couldn't find it.

 

Can anyone help me with this? I've been dealing with this for a week now and I'm giving up.

Feel free to ask for logs or screenshots if you think something is missing.

 

Thank you very much.
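
The FileZilla log in the post shows `234` followed 59 seconds later by `421 Login time exceeded` with no command logged in between, which is the server-side signature of a TLS handshake that never completed on the control connection. The Python below is an added example, not part of the original post, that flags this pattern in a FileZilla Server log; the function names are hypothetical and the sample input is an excerpt of the log lines quoted above.

```python
import re
from datetime import datetime

# Excerpt of the FileZilla Server log quoted in the post above.
SAMPLE_LOG = """\
(000001)26/11/2014 04:07:40 p.m. - (not logged in) (10.77.12.40)> Connected, sending welcome message...
(000001)26/11/2014 04:07:40 p.m. - (not logged in) (10.77.12.40)> AUTH TLS
(000001)26/11/2014 04:07:41 p.m. - (not logged in) (10.77.12.40)> 234 Using authentication type TLS
(000001)26/11/2014 04:08:40 p.m. - (not logged in) (10.77.12.40)> 421 Login time exceeded. Closing control connection.
(000001)26/11/2014 04:08:40 p.m. - (not logged in) (10.77.12.40)> disconnected.
"""

LINE_RE = re.compile(
    r"^\((\d+)\)(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) ([ap])\.m\. - "
    r"\((.*?)\) \(([\d.]+)\)> (.*)$"
)

def parse_line(line):
    """Return (session, timestamp, user, client_ip, message) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sid, stamp, ampm, user, ip, msg = m.groups()
    ts = datetime.strptime(stamp, "%d/%m/%Y %H:%M:%S")
    ts = ts.replace(hour=ts.hour % 12 + (12 if ampm == "p" else 0))  # 12h -> 24h
    return sid, ts, user, ip, msg

def find_stalled_handshakes(log_text):
    """Flag sessions where 234 (AUTH TLS accepted) is followed directly by
    421 or a disconnect, i.e. no FTP command was logged after the upgrade."""
    pending = {}   # session id -> time of the 234 reply
    stalled = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        sid, ts, _user, ip, msg = rec
        if msg.startswith("234 "):
            pending[sid] = ts
        elif sid in pending:
            t234 = pending.pop(sid)
            if msg.startswith("421 ") or msg == "disconnected.":
                stalled.append((sid, ip, int((ts - t234).total_seconds())))
    return stalled

if __name__ == "__main__":
    for sid, ip, gap in find_stalled_handshakes(SAMPLE_LOG):
        print(f"session {sid} from {ip}: no command after 234, closed {gap}s later")
```

Each result is a tuple of session id, client IP and the number of seconds between the `234` reply and the close, which can be matched against the client-side trace timestamps.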

