Information on how to use the ssl/tls feature for secure ftp

Here you can propose new features, make suggestions etc.

Moderators: white, Hacker, petermad, Stefan2

OutlawZ
Junior Member
Junior Member
Posts: 5
Joined: 2006-11-12, 21:40 UTC

Post by *OutlawZ »

I forgot

One question.

Is it possible in the future not to use this rootcerts.pem file, only accept the cert offered by the ftp server? like in browsers when accessing https site-s.
User avatar
Clo
Moderator
Moderator
Posts: 5731
Joined: 2003-12-02, 19:01 UTC
Location: Bordeaux, France
Contact:

G. & Author only know

Post by *Clo »

2OutlawZ

:) I don't know if this is planned and possible…

- I think you mean the public keys ? Maybe the Author has a clue about that.

BTW : During the private tests, I got also the too old DLLs, so I was aware… ;)

:mrgreen: KR
Claude
Clo
#31505 Traducteur Français de TC French translator Aide en Français Tutoriels Français English Tutorials
OutlawZ
Junior Member
Junior Member
Posts: 5
Joined: 2006-11-12, 21:40 UTC

Post by *OutlawZ »

2Clo

I hope that's possible cuz i've seen it other ftp clients fith ftps support and i hope it's planned

Yepp i meant the public keys.

After my ftp server has ftps support and found a great ftps client in tc, now i'm trying to conf Apache 2.2 with mod_ssl and openssl on Win32 sys but it looks to be impossible always get error msgs, so i have now funny days, but i'm glad to get working the tc's ftps support.

Regards

OutlawZ
User avatar
Clo
Moderator
Moderator
Posts: 5731
Joined: 2003-12-02, 19:01 UTC
Location: Bordeaux, France
Contact:

Useful !

Post by *Clo »

2OutlawZ

:) Hello !
…After my ftp server has ftps support and found a great ftps client in tc, now i'm trying to conf Apache 2.2 with mod_ssl and openssl on Win32 sys but it looks to be impossible always get error msgs, so i have now funny days, but i'm glad to get working the tc's ftps support.
• No doubt that such tests are useful for that new (ticklish) function in TC !
- So, please report the results here, they will be welcome ! ;)

• Have fun ! :D

:mrgreen: KR
Claude
Clo
#31505 Traducteur Français de TC French translator Aide en Français Tutoriels Français English Tutorials
OutlawZ
Junior Member
Junior Member
Posts: 5
Joined: 2006-11-12, 21:40 UTC

Post by *OutlawZ »

2Clo

It's my pleasure to help to test some features.

Now i have some problems. inside of lan work fine implicit and explicit ssl too, but i'm behind a router and tried it from outside, and always get error after LIST command:
425 Cannot open data connection.
the server is in the routers DMZ and PASV mode not helped.

- DMZ forwards all queries to the defined ip, isn't?
- If i open a range of ports thats not too secure any way..

Any idea?

Regards

OutlawZ
Phobophile
Junior Member
Junior Member
Posts: 8
Joined: 2006-06-01, 18:56 UTC
Contact:

Thanks Ghisler

Post by *Phobophile »

Hi,
Just wanted to say thank you (Ghisler) for this feature!
I've just tested it and it works great!
You're doing an excellent work with TC and I am very happy with this product!!

:D

Dor Karter
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

2OutlawZ
You cannot use active (PORT) mode with NAT routers. Why? The control connection is encrypted, so the router cannot see the PORT commands, and cannot convert them to the outside IP address!

One solution is to turn OFF the encryption of the control connection just after sending user name and password.

You can do this in RC1 by adding the command
CCC
to the "Send commands" field in the configuration of that ftp connection.
Author of Total Commander
https://www.ghisler.com
User avatar
white
Power Member
Power Member
Posts: 4593
Joined: 2003-11-19, 08:16 UTC
Location: Netherlands

Drag and drop support for https

Post by *white »

Why can't I drop a https url with Shift key pressed onto the Total Commander window in order to download a file?
It is possible to do so with a http url. Why not with a https url? Is it not supported (yet)?
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) »

Sorry, TC does not support HTTPS internally because of Swiss Crypto regulations. I'm using my own HTTP download code, so I cannot add HTTPS there. That's why in the WebDAV plugin I switched to the Internet* functions for HTTP transfers, because it also supports HTTPS. It has some other limitations, though, that's why I'm not using it for the HTTP downloads in TC, sorry.
Author of Total Commander
https://www.ghisler.com
muzzi
Junior Member
Junior Member
Posts: 2
Joined: 2008-06-26, 21:15 UTC

Post by *muzzi »

Hey a real begginer here
i am stucked with this part:

"9. Issue the following two commands to convert to openssl format:

openssl pkcs7 -inform DER -in rootcerts.p7b -print_certs -out unfiltered.pem
openssl x509 -in unfiltered.pem -out rootcert.pem

10. Put the file rootcert.pem in the Total Commander directory"


Where should i put those commands? i have done all till this step!
What now?
User avatar
karlchen
Power Member
Power Member
Posts: 4601
Joined: 2003-02-06, 22:23 UTC
Location: Germany

Post by *karlchen »

Hi, muzzi.

Going through Chrstian's instruction here, I am confident that
  • (9.) the two openssl commands need to be typed inside a cmd.exe window (Command Prompt) manually once
  • (10.) just tells you that the file rootcert.pem (cf. step (9) above, please) needs to be saved inside the Total Commander programme folder. You can even use T.C. itself to copy it there.
HTH,
Karl
muzzi
Junior Member
Junior Member
Posts: 2
Joined: 2008-06-26, 21:15 UTC

Post by *muzzi »

Ok but in command prompt i got this:
"openssl' is not recognizes as internal or external comand,...


Maybe i should rename it manually in tc :) lol - just kidding
User avatar
karlchen
Power Member
Power Member
Posts: 4601
Joined: 2003-02-06, 22:23 UTC
Location: Germany

Post by *karlchen »

Hi, muzzi.

Either open the cmd.exe window inside the folder where the openssl.exe has been stored.
Or you need to prefix the complete pathname to openssl.exe.

Karl
Jagoda
New Member
New Member
Posts: 1
Joined: 2008-09-01, 17:34 UTC
Location: Croatia

Post by *Jagoda »

karlchen wrote:Hi, muzzi.

Going through Chrstian's instruction, I am confident that
  • (9.) the two openssl commands need to be typed inside a cmd.exe window (Command Prompt) manually once
  • (10.) just tells you that the file rootcert.pem (cf. step (9) above, please) needs to be saved inside the Total Commander programme folder. You can even use T.C. itself to copy it there.
HTH,
Karl
Hello, everyone :).

I'm here for the first time and I show up because I have troubles with both old and new Total Commander, so I somehow got to this topic and read instructions that were supposed to help me.

I've followed written instructions and also stuck on the 9th, so I followed these quoted instructions, and had the same problem as muzzi. then when I opened cmd.exe in the same folder where openssl.exe is stored, and typed those 2 commands, I got : "The system cannot execute the specified program."

Now I don't know what to do. I WOULD "prefix the complete pathname to openssl.exe", but I don't know what it actually means :-D.

Would someone please be kind and explain it to me more precisely? :) Karl or anyone? :)
TheWink
Junior Member
Junior Member
Posts: 2
Joined: 2008-09-03, 16:39 UTC

Post by *TheWink »

Why ftps support does not work with portable (run by starttc.exe) Total Commander ? I copied neccesary OpenSSL dlls to TC dir, but everytime I try to connect to my FTPS server I got popup saying OpenSSL libraries are not found.
Post Reply