Information on how to use the ssl/tls feature for secure ftp

[ghisler(Author)]

Yes, command line in the directory of the openssl.exe command. Use Shift+Enter to keep the result window open.

[Michael Diegelmann]

In the first post of this thread you have given very detailed instructions for installing the SSL-DLLs (thanx!) and in step 2 you recommend:

"2. Copy the three dlls libssl32.dll, libeay32.dll and zlib1.dll from the "bin" subdir of the archive to the Total Commander directory."

Unfortunately, the bin subdirectory in the archive http://curl.haxx.se/gknw.net/7.34.0/dist-w32/curl-7.34.0-devel-mingw32.zip currently available for download only contains the two files libeay32.dll and zlib1.dll but not the third one libssl32.dll. What should be done about this?

In step 9 you give the direction:

"9. Issue the following two commands to convert to openssl format:
openssl pkcs7 -inform DER -in rootcerts.p7b -print_certs -out unfiltered.pem
openssl x509 -in unfiltered.pem -out rootcert.pem"

Unfortunately, there is no command 'openssl' available at the Windows XP command line interpreter CMD.exe (which wasn't a great surprise to me). An openssl.exe file (mentioned e.g. by karlchen in his post from Jun 26, 2008 or by Chr. Ghisler in his above reply) could neither be found anywhere on my hard disk nor in the above mentioned SSL download package curl-7.34.0-devel-mingw32.zip. Any idea what to do about this problem?

[ghisler(Author)]

Please use ssleay32.dll instead.

[ache]

Please use ssleay32.dll instead.

There are more strange things in your very first message:
1) "openssl x509 -in unfiltered.pem -out rootcert.pem" command converts the very first certificate only, dropping all others from unfiltered.pem, so exporting them all from IE have no sense. Probably renaming unfiltered.pem to rootcert.pem will be enough.
2) I can't find the name rootcert.pem anywhere in TC binaries or ssl dlls. The only *.pem I found was wincmd.pem. Are you sure that rootcert.pem name is right? I can't test it right now since I am too lazy to dig rare ftps with officially signed certificate.

[white]

2) I can't find the name rootcert.pem anywhere in TC binaries or ssl dlls. The only *.pem I found was wincmd.pem. Are you sure that rootcert.pem name is right? I can't test it right now since I am too lazy to dig rare ftps with officially signed certificate.

You are right. The name must be "wincmd.pem".



I found another way to export the explorer certificates to this .pem format. Without needing to install any program.

The exported certificates must be in X.509 format and encoded using MIME Base64.

In Internet Options you can export one certificate at a time to X.509 format but not multiple certificates at once. However using drag and drop you can export all certificates at once, but the certificates will be exported to separate files and without the lines "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". (Tested with Windows XP and Windows 8.)

My solution is to first use drag and drop from Internet Options, and then concatenate all files and add the missing lines.

• Create a new folder to drop the certificates into.
• Start Internet Explorer and open its configuration dialog (or open Internet Options via Control Panel)
• Go to the page "Content"
• Click on "Certificates"
• Go to the page "Trusted root certificate authorities"
• Select all certificates (click first certificate, then Shift+click last certificate)
• Click on"Advanced"
• Choose "Base64 encoded X.509 (*.cer)" as Export Format and click OK
• Drag all selected certificates to the folder created in the first step (if you drop into Total Commander use More Options/Auto-rename copied if an overwrite dialog pops up)
• Create a button on the button bar using this data:

  Code: Select all

  Command:    %comspec%
  Parameters: /q/c (for /F "delims=" %%i in (%l) do (echo -----BEGIN CERTIFICATE-----&type %%i&echo -----END CERTIFICATE-----))>>"wincmd.pem"
  Icon file:  <choose a file you like to use for the icon>
  Tooltip:    Add selected certificates to wincmd.pem

• In Total Commander go to the folder containing all exported certificate files and select all files
• Click the button created 2 steps above (the selected certificate files will be added to the file "wincmd.pem" in the same folder)
• Put the wincmd.pem file in the same folder as your wincmd.ini file (see Help/About in Total Commander)

[white]

[mod]I updated the information in the first post by adding a moderator message with important notes.

White (moderator)
[/mod]

[AquaBall]

I've followed "Post1/Important notes" very precisly.
But still error message: "Please put libssh2.dll and libeay32.dll either ..."
What's wrong?

Screenshot can be seen at:
http://www.bilderhoster.net/9tfdslmz.jpg.html

[sqa_wizard]

AquaBall: Your files are wrong.
You put the 64-bit version into TC folder, but use the 32.bit version

Please put the 32-bit version in TC folder.
Next create a sub folder named "64" and put the 64-bit version into this folder.

32-bit Version (curl-7.34.0-devel-mingw32.zip )

Code: Select all

libeay32.dll	1.704.448	08.02.2013 21:44
libssh2.dll	171.008	04.12.2012 11:42
ssleay32.dll	364.544	08.02.2013 21:44
zlib1.dll	113.166	22.06.2013 19:23

64-bit Version (curl-7.34.0-devel-mingw64.7z)

Code: Select all

libeay32.dll	1.447.424	08.02.2013 20:51
libssh2.dll	144.896	29.01.2013 03:59
ssleay32.dll	314.880	08.02.2013 20:51
zlib1.dll	89.600	22.06.2013 18:18

[AquaBall]

Quite a hard work.
Now it works fine!
Thanks a lot for your quick help!

Two more questions:
1) Could I've found it out by myself in any post?
(Which one?)

2) I'm using Win7-64b, so why am I using TC 32b?
(I didn't decide this intentionally.)

[white]

1) Could I've found it out by myself in any post?
(Which one?)

It's mentioned in the notes in the first post:

32-bit: Copy the dll files to the Total Commander program folder.
64-bit: Preferred location is in a folder named "64" in the Total Commander program folder.

2) I'm using Win7-64b, so why am I using TC 32b?
(I didn't decide this intentionally.)

Probably you used the combined installer which contains 32bit and 64bit version of Total Commander. On 64bit Windows, this installer will install both the 32bit and 64bit version. To use the 64bit version you need to use the shortcut "Total Commander 64 bit.lnk". The 64bit version shows "Total Commander (x64)" in the title bar.

[ache]

Due to Heartbleed bug it is better to install updated libeay32.dll and ssleay32.dll from slproweb (can't post URLs)

[MarcinW]

These OpenSSL builds are fixed now:

Win32 OpenSSL v1.0.1g Light
Win64 OpenSSL v1.0.1g Light

Copying DLLs to the Windows system directory can be selected during installation, so there is no need to copy any DLLs to the TC directory.

[white]

Copying DLLs to the Windows system directory can be selected during installation, so there is no need to copy any DLLs to the TC directory.

How does that work when using both 32bit and 64bit?

[MarcinW]

I have never used 64-bit OpenSSL, but I suppose that during installation 32-bit DLLs are copied to %windir%\SysWOW64\, and 64-bit DLLs are copied to %windir%\System32\ - just as described here: File System Redirector.

Both 32-bit TC and 64-bit TC try to load %windir%\System32\x.dll, but 32-bit TC is being redirected silently by the OS to %windir%\SysWOW64\x.dll. So everything should work properly.

Regards

[white]

2MarcinW
Thanks. Yes, it should work OK. Can someone confirm it works OK?