Pure-FTPd TLS-Auth

Discussion in 'General Discussion' started by trparky, Aug 4, 2005.

  1. trparky

    A couple of our users are experiencing the following connection error while using CuteFTP.
    SSL: Error in negotiating SSL connection. The server could be rejecting your certificate.
    I am going out on a limb here, but I assume it is because, by default, cPanel sets Pure-FTPd up with a self-signed certificate.

    How can we fix this?
     
  2. chirpy

    Do you have an SPI firewall installed? If so, you'll have to open a hole in it for the ephemeral ports (converting it to a less secure static firewall) because FTP over SSL will not work through an SPI firewall (it can't by design).
     
  3. trparky

    The only thing that gets me is that SmartFTP works with no issues. Is SmartFTP doing something different?
     
  4. chirpy

    No idea. I would suspect that it is falling back to non-SSL, since the issue is with how an SPI firewall works.
     
  5. consultorpc

    I got it working using FTP over TLS (explicit) with FileZilla in PASV mode, but with CuteFTP Pro I get the same error as you:

    STATUS:> Connected. Exchanging encryption keys...
    ERROR:> SSL: Error in negotiating SSL connection. The server could be rejecting your certificate.
    ERROR:> Failed to establish data socket.

    In the logs I can see this:

    Jun 15 07:56:56 vps501 pure-ftpd: (?@IP) [INFO] New connection from IP
    Jun 15 07:56:57 vps501 pure-ftpd: (?@IP) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-SHA, 256 secret bits cipher
    Jun 15 07:56:57 vps501 pure-ftpd: (?@IP) [INFO] user is now logged in

    So I think it should be something wrong with the CuteFTP software.
     
  6. consultorpc

    Hi again,

    After some tweaking I got it sorted: just activate Clear Data Channel in Site Properties in CuteFTP, as it seems encrypted data isn't supported by the default Pure-FTPd installation in cPanel.

    Regards.
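
An added illustration, not written by any poster in this thread, of the point in chirpy's reply: a stateful firewall's FTP helper can open the passive data port only because it reads the 227 reply on the control channel, which it can no longer do once that channel is under TLS. The firewall class, the XOR stand-in for encryption, the sample reply and the port ranges are all constructed for this example.

```python
import re

# Constructed control-channel reply; 203.0.113.10 is a documentation address.
PASV_REPLY = b"227 Entering Passive Mode (203,0,113,10,195,80)\r\n"
PASV_RE = re.compile(rb"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(line):
    """Return (ip, port) from a cleartext 227 reply, or None if unreadable."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class StatefulFirewall:
    """Toy model: port 21 is open; any other port needs a static rule or a helper expectation."""

    def __init__(self, static_range=None):
        self.static_range = static_range  # (low, high) passive range opened by hand
        self.expected = set()             # ports opened dynamically by the FTP helper

    def inspect_control(self, wire_bytes):
        # The helper can only act on what it can read on the wire.
        parsed = parse_pasv(wire_bytes)
        if parsed:
            self.expected.add(parsed[1])

    def allows_data(self, port):
        low, high = self.static_range or (1, 0)  # empty range when nothing is opened
        return port in self.expected or low <= port <= high


def simulate(tls, static_range=None):
    """Return True if the passive data connection gets through the firewall."""
    fw = StatefulFirewall(static_range)
    _, port = parse_pasv(PASV_REPLY)  # what the client learns after decryption
    # After AUTH TLS the firewall sees ciphertext; XOR stands in for encryption here.
    wire = bytes(b ^ 0x5A for b in PASV_REPLY) if tls else PASV_REPLY
    fw.inspect_control(wire)
    return fw.allows_data(port)


if __name__ == "__main__":
    print("plain FTP, helper only:  ", simulate(tls=False))
    print("FTPS, helper only:       ", simulate(tls=True))
    print("FTPS, static 49152-65534:", simulate(tls=True, static_range=(49152, 65534)))
```

The third case corresponds to the static hole chirpy describes: the passive range has to be opened permanently because the firewall can no longer learn the port per session.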
     