SSL Problem ioFTPD Windows 7


StefanFXP
10-28-2009, 07:22 AM
Hello,

Who can help? I am having problems on my Windows 7.
The problems weren't there on my Windows XP.

[R] 200-NAME="ioFTPD" [FTP_Service (Certificate_Name)]
[R] 200-Succeeded
[R] 200-Failed to load new cert.
[R] 500 makecert: Directory/File already exists.


Error.log:

10-28-2009 13:15:51 Unable to generate outbound credentials. (cert=ioFTPD1)
10-28-2009 13:15:51 SSL: "Unable to locate certificate" "name=ioFTPD1" "Service=FTP_Service" "(Certificate_name)"
10-28-2009 13:15:51 Unable to generate outbound credentials. (cert=ioFTPD)



ioFTPD.log:

10-28-2009 13:15:46 LOGIN: "FTP_Service" "ioFTPD" "ioftpd" "Master Account" "*@HIDE"
10-28-2009 13:15:51 SSL: "Successfully generated new cert: ioFTPD1" "User=ioFTPD".
10-28-2009 13:15:51 SSL: "Unable to locate certificate" "name=HIDE" "Service=FTP_Service" "Device=Any" "(HOST=)"
10-28-2009 13:15:51 SSL: "Unable to locate default certificate" "name=ioFTPD" "Service=FTP_Service"


Thx

o_dog
10-28-2009, 07:34 AM
try running ioftpd as admin

StefanFXP
10-28-2009, 07:48 AM
thx for the quick reply o_dog

nope, I already tried this and it won't work
the same error


Grtz

StefanFXP
10-30-2009, 06:27 AM
problem is solved

thx

seems to be that Windows 7 doesn't support SSL
so i have done this

;Encryption_Protocol = SSL3

ArtX
10-30-2009, 01:18 PM
if you're using flash fxp i don't think it supports ssl 3 - it should support ssl2 and tls though

Stars
03-04-2010, 07:20 AM
It's solved :D:D

jojo2peter
03-30-2010, 02:36 PM
hm, i use Windows 7 too, and i got this problem
[R] 220 FTP Server ready.
[R] AUTH TLS
[R] 234 AUTH TLS successful.
[R] Connected. Negotiating TLSv1 session..
[R] QUIT
[R] Connection failed (Connection closed by client)
i activated the DMZ (every port in my router is forwarded) but nothing happened.
When I forward ports between 5421 and 5450 (which I used in the ioFTPD.ini) it works sometimes, but only through the PORT command. In FlashFXP I already checked the "use site ip for passive mode connections" mode. I created the SSL cert by using the "site makecert" command...
When I connect to 127.0.0.1 or 192.x.x.x it works, but through the external IP it doesn't.

I think it's on windows 7, but i tried everything, beginning from deactivating the firewall, over starting ioFTPD as administrator or in Windows XP SP 3 Mode, and using ioFTPD as a service.

In addition, I have to mention that I configured ioFTPD to port 21 (before it was 5420).

PS: I already reset the router.

If i deactivate SSL:
[R] Connecting to 109.*.*.* -> IP=109.*.*.* PORT=5420
[R] Connected to 109.*.*.*
[R] 220 FTP Server ready.
[R] USER test
[R] 331 Password required for test.
[R] PASS (hidden)
[R] Connection failed (Connection lost)
[R] Delaying for 15 seconds before reconnect attempt #1

Yil
03-30-2010, 04:15 PM
Something is clearly not happy in your configuration. You appear to not be able to login even without SSL, so I suggest you focus on getting that to work first.

I don't know if you have installed any scripts or not, but if so go extract a new copy of plain ioFTPD on the default port and see if that works. Then depending on what happens check the /logs directory to see what errors are reported.

The first thing that struck me is port 21 is the well known FTP port and it's possible that some sort of proxy / firewall is trying to help out here locally. Sort of like some anti-spyware stuff watches outgoing connections to port 80/8080/etc so it can filter incoming content... It's more likely though that your router might treat FTP special and there is a checkbox you need to enable in a services to forward tab or something. I've seen that before. That's the most obvious reason for why it sort of works locally but won't remotely.
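
Yil's observation can be read straight off the two client transcripts posted earlier in the thread: in both, the TCP control connection is established and an FTP server answers with a 220 banner, and each session then fails at a later stage. The following is an added example, not code from any poster or from ioFTPD; `diagnose` and the stage names are assumptions made for illustration.

```python
import re

PREFIX = re.compile(r"^\[[RL]\]\s*")           # client log prefix, e.g. "[R] "
FAILURE = re.compile(r"^Connection failed \((.*)\)")
COMMAND = re.compile(r"^([A-Z]{3,4})( |$)")    # FTP commands sent by the client
# Server reply code -> the stage that reply proves was completed.
MILESTONES = {"220": "banner", "234": "auth-accepted",
              "331": "password-requested", "230": "logged-in"}

def diagnose(transcript):
    """Return (last completed stage, last command sent, failure reason)."""
    stage, last_cmd, reason = "no-connection", None, None
    for raw in transcript.splitlines():
        line = PREFIX.sub("", raw.strip())
        failed = FAILURE.match(line)
        if failed:
            reason = failed.group(1)
            break
        if line[:3] in MILESTONES and line[3:4] in (" ", "-"):
            stage = MILESTONES[line[:3]]
        cmd = COMMAND.match(line)
        if cmd:
            last_cmd = cmd.group(1)
    return stage, last_cmd, reason

# Transcripts copied from the posts above (external IP masked as posted).
TLS_SESSION = """\
[R] 220 FTP Server ready.
[R] AUTH TLS
[R] 234 AUTH TLS successful.
[R] Connected. Negotiating TLSv1 session..
[R] QUIT
[R] Connection failed (Connection closed by client)"""

PLAIN_SESSION = """\
[R] Connecting to 109.*.*.* -> IP=109.*.*.* PORT=5420
[R] Connected to 109.*.*.*
[R] 220 FTP Server ready.
[R] USER test
[R] 331 Password required for test.
[R] PASS (hidden)
[R] Connection failed (Connection lost)
[R] Delaying for 15 seconds before reconnect attempt #1"""

if __name__ == "__main__":
    for name, log in (("TLS", TLS_SESSION), ("plain", PLAIN_SESSION)):
        print(name, diagnose(log))
```

The TLS session stops after the 234 reply, before any USER command, and the plain session stops right after PASS, so the server's /logs entries for the same timestamps are the next place to look.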

Stars
03-30-2010, 04:38 PM
1. SSL Tab and choose Auth SSL (TLS does not always work fine)
2. Does site makecert work? Maybe because of the error

jojo2peter
03-31-2010, 08:35 AM
> 1. SSL Tab and choose Auth SSL (TLS does not always work fine)
> 2. Does site makecert work? Maybe because of the error

1.
[R] Connected to 109.192.90.21
[R] 220 FTP Server ready.
[R] AUTH SSL
[R] 234 AUTH SSL successful.
[R] Connected. Negotiating SSL session..

2.
site makecert works, tho i get this error:
[L] site makecert
[L] 200-NAME="ioFTPD" [FTP_Service (Certificate_Name)]
[L] 200-Succeeded
[L] 200-Failed to load new cert.
[L] 500 makecert: Directory/File already exists.
i think it doesn't matter...

@Yil: I can't find any special configuration for ftp, but DMZ (http://en.wikipedia.org/wiki/DMZ_%28computing%29) has to work.
Also I tried this:
http://www1.xup.in/exec/ximg.php?fid=18423995
Isn't there any setting in Windows 7 which forbids the port forwarding?

Stars
03-31-2010, 10:23 AM
Your makecert does not work fine.

See: [L] 200-Failed to load new cert.
[L] 500 makecert: Directory/File already exists.

jojo2peter
03-31-2010, 10:29 AM
> Your makecert does not work fine.
>
> See: [L] 200-Failed to load new cert.
> [L] 500 makecert: Directory/File already exists.

Locally I can accept the SSL cert and it works with 256bit encryption, I don't think that this is the issue.
I suppose that the router is the problem...


This happens, when i try to connect without any SSL Encryption on Port 5420:
[R] 220 FTP Server ready.
[R] USER filler
[R] 331 Password required for filler.
[R] PASS (hidden)
[R] Connection failed (Connection lost)
[R] Delaying for 15 seconds before reconnect attempt #1

Stars
03-31-2010, 10:31 AM
wait a few minutes.. I have a tool with which you can make a cert...

Stars
03-31-2010, 10:50 AM
Tutorial:

1. Remove all cert files from the system folder
2. Unpack iocerts.zip (it does not matter where)
3. Open certmgr.exe, remove all certs in that window (those which are of ioFTPD)
and close the window
4. Now open rsa_keygen.bat, fill in ioFTPD at the prompt (Please enter your server's hostname (example: xxx.dyndns.org):) and press enter
Please enter your sitename: here the same, ioFTPD, and press enter
5. The file is created in the folder iocerts
6. Place that file into the system folder.
7. Done (restart your server).


Open your ioFTPD.ini (system folder) and look here:

Require_Encrypted_Auth = *
and
Certificate_Name = ioftpd

Good Luck

Yil
03-31-2010, 12:24 PM
Win7+ seems to act differently with regard to the ioFTPD cert. The error message about it already existing I've seen several times. Simply restarting ioFTPD should load the new cert. At this point, I'm convinced you've rebooted at least once as well. The cert from makecert is fine.

I am a bit concerned about why it looks like you can't actually login past the PASS command. I assumed that was because you had the site open/close and perhaps oneline stuff from nxTools installed but something wasn't right. Hence the vanilla server request just to make sure. Can you login and do everything locally fine?

There is a Windows firewall for incoming connections and you'll need to add ioFTPD to its list of exceptions. Can you run other software that accepts incoming connections?

jojo2peter
03-31-2010, 05:47 PM
> Win7+ seems to act differently with regard to the ioFTPD cert. The error message about it already existing I've seen several times. Simply restarting ioFTPD should load the new cert. At this point, I'm convinced you've rebooted at least once as well. The cert from makecert is fine.
>
> I am a bit concerned about why it looks like you can't actually login past the PASS command. I assumed that was because you had the site open/close and perhaps oneline stuff from nxTools installed but something wasn't right. Hence the vanilla server request just to make sure. Can you login and do everything locally fine?
>
> There is a Windows firewall for incoming connections and you'll need to add ioFTPD to its list of exceptions. Can you run other software that accepts incoming connections?

locally it works fine, with ssl, tls etc... only through the external ip it makes problems, except on port 21, but I can't configure the ports for sso etc. on port 21.

creating exceptions for ioftpd in the firewall i've already done. turning off the firewall didn't help at all...

With "advanced Port Scanner" I scanned my IP, and it says that there aren't any ports open...
How else can I check if the ports are open?

Yil
04-01-2010, 12:16 PM
You might want to verify that your local IP still ends in .101. That looks like it's a DHCP given address. I'd suggest picking a static local address like .10 or something because you need to forward ports from the router and there is no guarantee you'll always get the .101 IP.

jojo2peter
04-02-2010, 08:01 AM
> You might want to verify that your local IP still ends in .101. That looks like it's a DHCP given address. I'd suggest picking a static local address like .10 or something because you need to forward ports from the router and there is no guarantee you'll always get the .101 IP.

I did, but it doesn't work at all :(