Failed to load certificate, PFX error 7937

#14869
Posted: 10/29/2010 12:12:31
by Matthew Dragiff (Standard support level)
Joined: 03/01/2007
Posts: 15

We are trying to use the FTPS component in your product and our customer has provided us an X.509 key, but we get the error

Failed to load certificate, PFX error 7937

Can anyone assist us with this? The 7937 error code is not apparent on the list of error codes.

We can use the same cert and make it work using ws-ftp, but have issues with secureblackbox.
#14871
Posted: 10/29/2010 13:24:46
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Error code 7937 (0x1F01) stands for SB_PKCS12_ERROR_INVALID_ASN_DATA error. It is likely that the certificate file is not a PKCS#12 (PFX) file (probably PEM?).
#14872
Posted: 10/29/2010 14:46:40
by Matthew Dragiff (Standard support level)
Joined: 03/01/2007
Posts: 15

Here is what I get when loading it as a PEM using force ssl/tls:

-- Certificate Loaded OK
-- Connecting to ftp site:21
-- Connected
-- Certficate Received
-- Issuer: CN=---------
-- Subject: CN=--------
-- Certificate is OK
-- Error occured while forcing SSL

And if I don't force, I get:

-- Certificate Loaded OK
-- Connecting to ftp site:21
-- Connected
-- Unaccepted server reply (error code is 503)
#14873
Posted: 10/29/2010 14:53:28
by Ken Ivanov (EldoS Corp.)

Could you please check whether the same errors are returned by the sample FTPS client application? The log created by that sample will also help much.
#14874
Posted: 10/29/2010 15:00:24
by Matthew Dragiff (Standard support level)
Joined: 03/01/2007
Posts: 15

Yes, this information comes from the FTPS sample. I was unable to copy and paste. If I try using PFX it fails to load; however, if I change the load to R = Cert.LoadFromStreamPEM(F, propsForm.editCertPassword.Text, (int)F.Length);

I get the log I sent earlier.
#14875
Posted: 10/29/2010 15:06:11
by Ken Ivanov (EldoS Corp.)

And could you also please provide us the FTPS communication log from the upper text box (please cut all the sensitive information off before posting)?

For the SSL-enabled case, please try to turn TLS1.1 and TLS1.2 protocol versions off and check if it helps. Unfortunately, we can say nothing about no-SSL case without having an FTPS communication log.
#14876
Posted: 10/29/2010 15:07:58
by Matthew Dragiff (Standard support level)
Joined: 03/01/2007
Posts: 15

<<<220 WARNING: This is a private system intended for use by expressly authorized users. All activity is recorded. If such monitoring reveals possible criminal activity, system personnel may provide the evidence of that activity to law enforcement officials

>>>AUTH TLS
<<<234 AUTH: command accepted. Securing command channel ...
#14877
Posted: 10/29/2010 15:18:08
by Matthew Dragiff (Standard support level)
Joined: 03/01/2007
Posts: 15

OK, we figured this out. This customer uses SSL2, use ssl/tls, and auto detect. SSL3 being checked was my dag gone culprit.

Here is the log... I thank you for the replies...


<<<220 WARNING: This is a private system intended for use by expressly authorized users. All activity is recorded. If such monitoring reveals possible criminal activity, system personnel may provide the evidence of that activity to law enforcement officials

>>>AUTH TLS
<<<234 AUTH: command accepted. Securing command channel ...

>>>USER BLAH
<<<331 Password required for BLAH.

>>>PASS BLAHPASS
<<<230 User BLAH logged in. Session Id: 61236.

>>>PBSZ 0
<<<200 PBSZ command accepted.

>>>PROT P
<<<200 PROT command accepted. Data transactions will be secured.

>>>FEAT
<<<500 FEAT command not understood.
#14878
Posted: 10/29/2010 15:20:28
by Ken Ivanov (EldoS Corp.)

Thank you.

A. SSL case.
1) Did you try turning TLS1.1 and TLS1.2 versions off?
2) Please check the value of the TElX509Certificate.PrivateKeyExists property right after calling the LoadFromStreamPEM() method.

B. No-SSL case.
1) Could you also please provide the communication log for it?
#14879
Posted: 10/29/2010 15:23:31
by Matthew Dragiff (Standard support level)
Joined: 03/01/2007
Posts: 15

Yes, I did turn off SSL3, TLS1, TLS 1.1. TLS 1.2 is not on my sample FTPS app.

private key exists = false !
private key extractable = true !

See log above.

Thanks, I hope I answered your questions successfully.
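
An added example, not part of the thread and not SecureBlackbox code: a stand-alone Python check for the two things this thread turned on, whether a file is PEM or PKCS#12 (the mismatch suggested for PFX error 7937) and whether a PEM file carries a private key block (compare the "private key exists = false" result). Function names and sample bytes are constructed for illustration.

```python
import re

# PEM armor: "-----BEGIN <label>-----" body "-----END <label>-----"
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)


def looks_like_pkcs12(data: bytes) -> bool:
    """A PFX is SEQUENCE { version INTEGER 3, ... }: tag 0x30, length, then 02 01 03."""
    if len(data) < 5 or data[0] != 0x30:
        return False
    first = data[1]
    # Short-form and indefinite (0x80) lengths use one byte; long form adds (first & 0x7F) more.
    offset = 2 if first <= 0x80 else 2 + (first & 0x7F)
    return data[offset:offset + 3] == b"\x02\x01\x03"


def _result(container, labels=(), has_cert=None, has_key=None):
    return {"container": container, "labels": list(labels),
            "has_certificate": has_cert, "has_private_key": has_key}


def classify_cert_file(data: bytes) -> dict:
    """Report the container type and, for PEM, whether key material is present."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        labels = [label.decode("ascii") for label, _body in blocks]
        # endswith covers "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
        # and "ENCRYPTED PRIVATE KEY"; "CERTIFICATE REQUEST" is not a certificate.
        return _result("PEM", labels,
                       any(l.endswith("CERTIFICATE") for l in labels),
                       any(l.endswith("PRIVATE KEY") for l in labels))
    if looks_like_pkcs12(data):
        # Key presence inside a PFX needs a real PKCS#12 parser and the password.
        return _result("PKCS12")
    if data[:1] == b"\x30":
        return _result("DER")      # some other ASN.1 structure, e.g. a bare certificate
    return _result("unknown")


# Constructed samples (placeholder bodies, not real certificates or keys).
PEM_CERT_ONLY = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
PEM_CERT_AND_KEY = PEM_CERT_ONLY + (
    b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
PFX_HEADER = bytes.fromhex("308209a0020103308209")   # SEQUENCE, INTEGER 3, ...
DER_CERT_HEADER = bytes.fromhex("3082030a308201f2")  # SEQUENCE, SEQUENCE, ...

if __name__ == "__main__":
    for name in ("PEM_CERT_ONLY", "PEM_CERT_AND_KEY", "PFX_HEADER", "DER_CERT_HEADER"):
        print(name, classify_cert_file(globals()[name]))
```

A PEM file that reports has_private_key as False holds only the public certificate, so it cannot be used for client authentication until the matching key is supplied separately.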