Skip to main content
A
Anonymous
March 2, 2011
Question

Coldfusion secure FTP & digital certificates

  • March 2, 2011
  • 1 reply
  • 1671 views

Hello !

I am currently in the process of developing a corporate CF intranet site that is behind a corporate firewall and part of the application will need to send a data file (FTP put) to a remote FTP server using secured FTP (FTPS). I have never used Coldfusion before for either secured or unsecured FTP.  I am planning on using the CFFTP tag to open the connection and send the data file but I have a number of other questions regarding the use & installation of the digital certificates.:

Current development environment setup:

CF version 9 standard edition running on Windows Server 2008 R2

Microsoft IIS 7

Current production environment setup:

CF version 9  enterprise edition running on Windows Server 2008 R2

Microsoft IIS 7

1.  The data file that is being created must be sent to a finanacial institution and they will be providing a digital certificate (p12 format) to me.  What do I do with that certificate once I get it ?  I have installed SSL certificates before on http web sites with IIS without any issues but I am not sure what to do with the certificate for secured FTP.  Do I import the certificate into IIS using the MMC snap on or does the certificate need to be integrated into Coldfusion in some other way and if so, what needs to be done ?

2.  What other steps need to be prior to being able to use the CFFTP tag for a secured FTP send ?

I would appreciate as much help as possible as I haven't used CF for FTP before.

Thank you.

    This topic has been closed for replies.

    1 reply

    D
    Community Expert
    Dave WattsCommunity Expert
    Community Expert
    March 2, 2011

    I've never used CF with secure FTP and certificates either, so I don't know whether it'll work at all! That said, you'd need to import certificates into the Java keystore, not into IIS. Google "coldfusion java keystore keytool" for more information.

    Dave Watts, CTO, Fig Leaf Software

    http://www.figleaf.com/

    http://training.figleaf.com/

    Dave Watts, Eidolon LLC
    A
    Anonymous
    March 8, 2011

    Dave,

    Thank you for answering.

    1.  I have imported the certificate into the cacerts file by using the following command:

         keytool -import -keystore ../lib/security/cacerts -alias x  -file c:\downloads\y

         where x was the alias name I assigned and y was the certificate name (extension of 'der').

    I tried importing a p12 and p7b certificate but neither of those worked.  I received the message 'Not a valid X.509 Certificate' from the command.  I then successfully imported a Base64 certificate (der).  I believe the certificate has been successfully imported because I ran the following and it shows the MD5 fingerprint:

         keytool -list -alias x -keystore ../lib/security/cacerts

         where x is my alias name I assigned in the original import

    2.  I then ran the following CFM command replacing the '*'s with the appropriate server name, user name, and password

         <cfftp action="open" connection="conn1" secure="yes" server="********" username="******" password="*****" port="21"

        

         </cfftp>

         I am getting the CF error

    An error occurred while establishing an sFTP connection.

    Verify your connection attributes: username, password, server, fingerprint, port, key, connection, proxyServer, and secure (as applicable). Error: User Authentication failed.

    Any suggestions or help would be appreciated.

    Thank you.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices