SFTP Certificate

  • SFTP Certificate

    I want to connect to an SFTP server to download files. When I connect via FileZilla or WS_FTP, I get prompted to accept a certificate. Once I accept, I can connect fine via the client.

    My problem is trying to get a copy of that certificate to import into my Java cache. Is there a way to download this somehow? I tried exporting the cert out of the FTP client, but Java won't use its format. Help!

  • #2
    Are you talking about SFTP or FTPS? If you're talking about SFTP, then I think that the default SFTP option in a File Writer just uses SSH password authentication. If you want to use a pre-generated private key for authentication, that can certainly be done; just use some JavaScript code to create a new JSch SFTP channel, and add the private key as an identity. Look here for all the relevant info.

    If you're talking about FTPS, then the FTP option of a File Writer will work just fine; you'll just have to encapsulate it using TLS. If you're on an appliance, then the SSL Tunnels service can do this quite easily. Otherwise, any third-party proxy like stunnel will do the job as well. You can download certs usually just by attempting to establish a socket to the server (it'll respond in TLS-lingo). OpenSSL has a -showcerts option that should work as well. You can probably also download it using pretty much any browser, assuming you're connecting to the right port. FileZilla keeps certificates in an XML file in your local settings, I believe.
    Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

    Nicholas Rupley
    Work: 949-237-6069
    Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


    - How do I foo?
    - You just bar.



    • #3
      It's definitely SFTP. When I attempt to connect via the SFTP file reader, it can't connect. It's expecting some sort of client cert. FileZilla prompts me to trust it and import it into the cache. I'm looking at the JSch Examples and it's all a bit over my head.



      • #4
        I'm not an SFTP expert, but I think that while FileZilla may still call it a certificate in that pop-up dialog, it's actually a public key that the program is asking whether or not you want to trust (and if so, then it imports that key into the program's local cache or something like that). Unless you've specified a particular private key though, the client still generates one automatically for you, since in the end that's how SSH works.

        Here's a rather simple example using JSch: http://sthen.blogspot.com/2008/03/sf...ivate-key.html
        Last edited by narupley; 08-14-2012, 12:36 PM.


        • #5
          Originally posted by narupley
          I'm not an SFTP expert, but I think that while FileZilla may still call it a certificate in that pop-up dialog, it's actually a public key that the program is asking whether or not you want to trust (and if so, then it imports that key into the program's local cache or something like that). Unless you've specified a particular private key though, the client still generates one automatically for you, since in the end that's how SSH works.

          Here's a rather simple example using JSch: http://sthen.blogspot.com/2008/03/sf...ivate-key.html
          That is my understanding of how it works as well. I'm not specifying a private key anywhere, just trusting their key. If I could just get Java to accept or trust that key, we'd be in good shape.

          If I went the route of using JSch, do I just download the jar and put it somewhere (custom-lib directory, perhaps)? Then I should be able to call it somehow? Am I on the right track here? My Java is quite fuzzy.
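
Posts #4 and #5 come down to trusting the server's SSH host public key rather than a certificate. As an added example (not from the thread or from Mirth Connect; it is standalone Node.js, not code for Mirth's Rhino context), the following checks that an OpenSSH known_hosts-style entry is well-formed and that its fingerprint equals the one confirmed in the client's trust prompt before that entry is trusted elsewhere. The host name `sftp.example.org` and the key bytes are constructed.

```javascript
const crypto = require('crypto');

// Read one SSH wire-format string (uint32 length + bytes) at offset `off`.
function readString(buf, off) {
  if (off + 4 > buf.length) throw new Error('truncated key blob');
  const len = buf.readUInt32BE(off);
  if (off + 4 + len > buf.length) throw new Error('truncated key blob');
  return { value: buf.subarray(off + 4, off + 4 + len), next: off + 4 + len };
}

// Parse a plain (unhashed) known_hosts line: "<hosts> <keytype> <base64 blob> [comment]".
function parseKnownHostsLine(line) {
  const [hosts, type, b64] = line.trim().split(/\s+/);
  if (!hosts || !type || !b64) throw new Error('expected: hosts keytype base64');
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) throw new Error('key is not base64');
  const blob = Buffer.from(b64, 'base64');
  // The blob starts with its own algorithm name; it must agree with the text field.
  const inner = readString(blob, 0).value.toString('ascii');
  if (inner !== type) throw new Error(`type mismatch: ${type} vs ${inner}`);
  return { hosts: hosts.split(','), type, blob };
}

// Fingerprints in the two forms SSH clients commonly display.
function fingerprints(blob) {
  const sha256 = crypto.createHash('sha256').update(blob).digest('base64').replace(/=+$/, '');
  const md5 = crypto.createHash('md5').update(blob).digest('hex').match(/../g).join(':');
  return { sha256: 'SHA256:' + sha256, md5 };
}

// True only if the entry covers `host` and its key matches the confirmed fingerprint.
function entryMatches(line, host, expectedFingerprint) {
  const entry = parseKnownHostsLine(line);
  const fp = fingerprints(entry.blob);
  return entry.hosts.includes(host) &&
    (fp.sha256 === expectedFingerprint || fp.md5 === expectedFingerprint);
}

// Constructed sample: an ssh-ed25519 blob with 32 filler bytes, not a real server key.
function sshString(b) { const l = Buffer.alloc(4); l.writeUInt32BE(b.length); return Buffer.concat([l, b]); }
const sampleBlob = Buffer.concat([sshString(Buffer.from('ssh-ed25519')), sshString(Buffer.alloc(32, 7))]);
const sampleLine = `sftp.example.org ssh-ed25519 ${sampleBlob.toString('base64')} constructed`;
console.log(fingerprints(parseKnownHostsLine(sampleLine).blob));
```

An entry that fails this check should not be added to a trust store; the fingerprint to compare against has to come from the server operator or a connection already known to be good.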



          • #6
            Fortunately, JSch is already included by default with Mirth Connect. Just import the com.jcraft.jsch package in your Rhino context, and you'll be able to instantiate a session and all that good stuff.


            • #7
              Originally posted by narupley
              Fortunately, JSch is already included by default with Mirth Connect. Just import the com.jcraft.jsch package in your Rhino context, and you'll be able to instantiate a session and all that good stuff.
              I may not have to go this route after all. Apparently, my troubleshooting skills are lacking lately. I can't connect to the sftp server in question from the Mirth server via FileZilla. It still works on our other server.

              This tells me that either the outbound connection is blocked from leaving our network or it's blocked from entering the remote network. My further research confirmed the latter. They have IP blocking in place and did not have the Mirth server as an allowed connection.
