PDA

View Full Version : SSL config problem


Coffee
12-01-2005, 08:06 PM
Hello,

First of all i used search and read through the forum and the KB.

I installed SSL on different boxes without problems.
One box giving me headaches though, it's runing winXP ( like the others).

on Loggin i get
504 AUTH %s unsupported.
Failed SSL/TLS negotiation, disconnected

Q: What does "504 AUTH %s unsupported." mean ? Appears on login, when SSL is enabled.
A: This error means that ioFTPD SSL isn't configured correctly.

It can be for any of those reasons:
- You didn't install your SSL certificate correctly; you installed the certification in another user's than the one running ioFTPD; you imported in the wrong database; etc.
- You're using the wrong certificate name in ioFTPD.ini
- You're using an invalid setting for SSL Cipher_Strength or Protocol in ioFTPD.ini

Been over the last two and am sure they are ok.

I'm using ioftpd on ioservice and read about the two added things in .env and did all that.

When trying to run the ssl.bat script i get the following error:

200-Error: Can't create the key of the subject ('xxx.no-ip.com')
200-Failed

I also tried to use the rsa_keygen.bat and import the certificate into trusted root but that wont work either.

Delled all certificates entrys, tried different makecerts.

In older threads on the board i see some guys have the same issues and some links to solving it, but that are dead links refering to the old www.ioftpd.com site.

I hope any1 has a new idea i can try to solve this issue, it's giving me headaches by now.

Greetz Coffee

EwarWoo
12-01-2005, 08:42 PM
Have u restarted ioFTPD since u installed the cert?
Is the cert name spelt correctly?
Are you trying to use TLS when configged for SSL?

Coffee
12-02-2005, 04:43 AM
Yes did all that,

cert name spelled correctly in ioftpd.ini
restarted ioftpd
using SSL

### Encryption ###
#
Require_Encrypted_Auth = *
Require_Encrypted_Data = !*
Certificate_Name = xxx.no-ip.com
Explicit_Encryption = True
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 168

Think it has something to due with that can't create key error and fr that not installing the certificate as the right user ioFTPD is running on. But can't find ways to fix that part.

EwarWoo
12-02-2005, 06:06 AM
Ah, sorry bud, missed that bit.
I actually have a site doing this myself, just wont let me create a cert no matter what I do. I gave up on it but hopefully someone else as an answer, I'd be interested in that too :)

Pu$u
12-02-2005, 07:46 AM
u should update your board profile if u have a reg. ioFTPD
because u say u have ioFTPD 5.8.5r

Wrez
12-03-2005, 09:37 PM
interesting i never knew one could do this !

Coffee
12-08-2005, 02:48 AM
u should update your board profile if u have a reg. ioFTPD
because u say u have ioFTPD 5.8.5r

Intresting reply , pffff

EwarWoo
12-08-2005, 03:22 AM
Not that interesting no, but perfectly valid, I woulda replied the exact same had I noticed ;)

Coffee
12-08-2005, 05:59 AM
I can't find where to do that, so tell me instead of flaming and going off topic please

scull
12-09-2005, 04:38 AM
Yes did all that,

cert name spelled correctly in ioftpd.ini
restarted ioftpd
using SSL

### Encryption ###
#
Require_Encrypted_Auth = *
Require_Encrypted_Data = !*
Certificate_Name = xxx.no-ip.com
Explicit_Encryption = True
Encryption_Protocol = SSL3
Min_Cipher_Strength = 128
Max_Cipher_Strength = 168

Think it has something to due with that can't create key error and fr that not installing the certificate as the right user ioFTPD is running on. But can't find ways to fix that part.

Hi i have the EXACT same problem, have several WinXp Sp2 computers running ioFTPD and SSL/TLS without problems ... BUT one other computer ( winxp sp2 ) wount generate the key , gets the same error message.

Mouton told me that it would work if i have the latest updates , SO i updated my windows and i downloaded all the files needed for cert making from microsoft. BUT with the same result.

//scull

Wrez
12-10-2005, 03:52 AM
how secret is this ****en data that u need it ssl it lol prolly pr0n :D

Cule
01-06-2006, 08:29 AM
where do you guys download makecert.exe and certmgr.exe? Im helping a good friend of mine setting up ssl, but we can't find the two .exe files on microsoft.com or any of their sister sites. Can anyone give us a link please?