Question:
I downloaded and referenced the latest version to test it out. I ran into a problem with the loading of certificates.
ChilkatLog:
SetSslClientCert(94ms):
DllDate: Jun 23 2015
ChilkatVersion: 9.5.0.51
UnlockPrefix: DMVCAGFTP
Username: ISD-DSK-HV02:MVTWV
Architecture: Little Endian; 32-bit
Language: .NET 2.0
VerboseLogging: 1
mergeSysCerts:
addCertificate:
certHashEntry: 0A9B:dmvsftpbe1.sft.dmv.ca.gov
--addCertificate
--mergeSysCerts
buildSslClientCertChain(94ms):
constructCertChain(94ms):
bMustReachRoot: 0
buildCertChain(94ms):
startCertDN: C=US, ST=California, L=Sacramento, O=State of California - DMV, OU=DMV (Script Generated), CN=axwaytest-x509
initialCertChainSize: 0
sysCertsFindIssuer(94ms):
findBySubjectKeyId(63ms):
crpFindBySubjectKeyId:
findCertBySubjectKeyId: SubjectKeyId:LWfafvo+qBm/RSC18ajaHiLNGBg=
--crpFindBySubjectKeyId
msFindCertBySubjectKeyId(63ms):
subjectKeyId: LWfafvo+qBm/RSC18ajaHiLNGBg=
needPrivateKey: 0
No match found in MY current-user certificate store.
No match found in MY local-machine certificate store.
No match found in AddressBook current-user certificate store.
No match found in AddressBook local-machine certificate store.
No match found in CA current-user certificate store.
No match found in CA local-machine certificate store.
No match found in ROOT current-user certificate store.
No match found in ROOT local-machine certificate store.
--msFindCertBySubjectKeyId
--findBySubjectKeyId
certReposFindIssuer:
Version 9.5.0.21 works fine.
Here is the solution. When the login certificate is installed, the private key must be marked as exportable. In the previous version of FTP2 it did not matter; now it does. Thanks Matt.
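A preflight check for the condition described in the solution above, as an added example that is not part of the original thread or of Chilkat's code: it lists matching certificates in the MY stores and reports whether each private key is marked exportable. It assumes Windows, a CryptoAPI (CSP) RSA key, and only .NET's own X509Store classes; the default subject name is the CN that appears in the log.

```csharp
// Added example: assumes Windows and classic CryptoAPI (CSP) key storage.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertPreflight
{
    // Describes the private key state of one certificate.
    static string DescribeKey(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "no private key associated";
        try
        {
            RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null) return "private key is not a CryptoAPI RSA key";
            return rsa.CspKeyContainerInfo.Exportable
                ? "private key exportable"
                : "private key NOT exportable";
        }
        catch (CryptographicException ex)
        {
            // For example: key container missing, or no access for this account.
            return "private key not accessible: " + ex.Message;
        }
    }

    static void Main(string[] args)
    {
        // Default is the client certificate CN shown in the log above.
        string subject = args.Length > 0 ? args[0] : "axwaytest-x509";
        StoreLocation[] locations = { StoreLocation.CurrentUser, StoreLocation.LocalMachine };
        foreach (StoreLocation loc in locations)
        {
            X509Store store = new X509Store(StoreName.My, loc);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            try
            {
                // FindBySubjectName is a case-insensitive substring match;
                // validOnly=false so expired certificates are listed too.
                foreach (X509Certificate2 cert in store.Certificates.Find(
                             X509FindType.FindBySubjectName, subject, false))
                {
                    Console.WriteLine("{0}\\My  {1}  expires {2:yyyy-MM-dd}  {3}",
                        loc, cert.Thumbprint, cert.NotAfter, DescribeKey(cert));
                }
            }
            finally { store.Close(); }
        }
    }
}
```

A result of "private key NOT exportable" for the login certificate corresponds to the "Unable to export the private key." line in the LastErrorText.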
This does not seem to be the full contents of the LastErrorText. Was it truncated?
No, I just cut out the irrelevant portion; however, I can include it if you like.
Sorry, I tried to use the code formatting, but it still looks like a jumble.
ChilkatLog: SetSslClientCert(94ms): DllDate: Jun 23 2015 ChilkatVersion: 9.5.0.51 UnlockPrefix: DMVCAGFTP Username: ISD-DSK-HV02:MVTWV Architecture: Little Endian; 32-bit Language: .NET 2.0 VerboseLogging: 1 mergeSysCerts: addCertificate: certHashEntry: 0A9B:dmvsftpbe1.sft.dmv.ca.gov --addCertificate --mergeSysCerts buildSslClientCertChain(94ms): constructCertChain(94ms): bMustReachRoot: 0 buildCertChain(94ms): startCertDN: C=US, ST=California, L=Sacramento, O=State of California - DMV, OU=DMV (Script Generated), CN=axwaytest-x509 initialCertChainSize: 0 sysCertsFindIssuer(94ms): findBySubjectKeyId(63ms): crpFindBySubjectKeyId: findCertBySubjectKeyId: SubjectKeyId:LWfafvo+qBm/RSC18ajaHiLNGBg= --crpFindBySubjectKeyId msFindCertBySubjectKeyId(63ms): subjectKeyId: LWfafvo+qBm/RSC18ajaHiLNGBg= needPrivateKey: 0 No match found in MY current-user certificate store. No match found in MY local-machine certificate store. No match found in AddressBook current-user certificate store. No match found in AddressBook local-machine certificate store. No match found in CA current-user certificate store. No match found in CA local-machine certificate store. No match found in ROOT current-user certificate store. No match found in ROOT local-machine certificate store. --msFindCertBySubjectKeyId --findBySubjectKeyId certReposFindIssuer: issuerN: US, CA, Sacramento, State of California, Department of Motor Vehicles, dmvsftpbe1.sft.dmv.ca.gov, dmvsftpbe1, D59A3BF8D3A5484819F648C34D04A4B2 Did not find issuer certificate. --certReposFindIssuer issuerDN: C=US, ST=CA, L=Sacramento, O=State of California, OU=Department of Motor Vehicles, CN=dmvsftpbe1.sft.dmv.ca.gov, OU=dmvsftpbe1, SERIALNUMBER=D59A3BF8D3A5484819F648C34D04A4B2 msFindIssuer(31ms): msAddIssuer2: FindIssuerForCertDN: C=US, ST=California, L=Sacramento, O=State of California - DMV, OU=DMV (Script Generated), CN=axwaytest-x509 Did not find the issuer certificate. 
--msAddIssuer2 msAddIssuer1(31ms): FindIssuerForCertDN: C=US, ST=California, L=Sacramento, O=State of California - DMV, OU=DMV (Script Generated), CN=axwaytest-x509 authorityKeyIdentifier: 2D67 DA7E FA3E A819 BF45 20B5 F1A8 DA1E 22CD 1818 issuerCN: dmvsftpbe1.sft.dmv.ca.gov Did not find the issuer certificate. --msAddIssuer1 success: 0 --msFindIssuer Did not find issuer in MS certificate stores. --sysCertsFindIssuer finalCertChainSize: 1 Unable to build certificate chain to root. --buildCertChain completedChainToRoot: 0 numCertsInChain: 1 --constructCertChain --buildSslClientCertChain Success. --SetSslClientCert --ChilkatLog ChilkatLog: Connect_Ftp2(953ms): DllDate: Jun 23 2015 ChilkatVersion: 9.5.0.51 UnlockPrefix: DMVCAGFTP Username: ISD-DSK-HV02:MVTWV Architecture: Little Endian; 32-bit Language: .NET 2.0 VerboseLogging: 1 ProgressMonitoring: enabled: yes heartbeatMs: 0 sendBufferSize: 65536 --ProgressMonitoring ImplicitSsl: 0 AuthTls: 1 AuthSsl: 1 ftpConnect(953ms): Hostname: 205.225.192.110 Port: 2121 IdleTimeoutMs: 60000 socket2Connect: connect2: hostname: 205.225.192.110 port: 2121 ssl: 0 connectSocket: domainOrIpAddress: 205.225.192.110 port: 2121 connectTimeoutMs: 20000000 connect_ipv6_or_ipv4: This is an IPV4 numeric address. Domain to IP address resolution not needed. connecting to IPV4 address... ipAddress: 205.225.192.110 createSocket: Setting SO_SNDBUF size sendBufSize: 262144 Setting SO_RCVBUF size recvBufSize: 4194304 --createSocket connect: Waiting for the connect to complete... myIP: 165.153.130.82 myPort: 50051 socket connect successful. --connect --connect_ipv6_or_ipv4 --connectSocket --connect2 --socket2Connect Turning on TCP_NODELAY. socketOptions: SO_SNDBUF: 262144 SO_RCVBUF: 4194304 TCP_NODELAY: 1 SO_KEEPALIVE: 0 --socketOptions readCommandResponse(250ms): replyLineQP: 220-DMV Secure File Transfer replyLineQP: 220- replyLineQP: 220- replyLineQP: 220 Secure FTP Server ready. 
commandResponse: 220-DMV Secure File Transfer 220- 220- 220 Secure FTP Server ready. statusCode: 220 --readCommandResponse initialStatus: 220 initialResponse: 220-DMV Secure File Transfer 220- 220- 220 Secure FTP Server ready. converting to secure connection... authTls(703ms): sendCommand: sendingCommand: AUTH TLS --sendCommand readCommandResponse(609ms): replyLineQP: 234 TLSv1 commandResponse: 234 TLSv1 statusCode: 234 --readCommandResponse convertToTls(94ms): Clearing TLS client certificates. clientHandshake(94ms): certChain: subjectDN: C=US, ST=California, L=Sacramento, O=State of California - DMV, OU=DMV (Script Generated), CN=axwaytest-x509 --certChain cacheClientCerts: Cached TLS client certificates. certChain: subjectDN: C=US, ST=California, L=Sacramento, O=State of California - DMV, OU=DMV (Script Generated), CN=axwaytest-x509 --certChain --cacheClientCerts clientHandshake2(94ms): readHandshakeMessages(78ms): processHandshakeRecord: processHandshakeMessage: processServerHello: MajorVersion: 3 MinorVersion: 3 cipherSuite: RSA_WITH_AES_256_CBC_SHA cipherSuiteNumeric: 00,35 compressionMethod: 0 minAcceptableRsaKeySize: 1024 --processServerHello --processHandshakeMessage --processHandshakeRecord --readHandshakeMessages Sending client-side certificate(s)... sendClientCertificates: buildCertificatesMessage: numCerts: 1 --buildCertificatesMessage --sendClientCertificates buildClientKeyExchange: buildClientKeyExchangeRsa: modulus_bitlen: 2048 bigEndian: 1 padding: PKCS 1.5 --buildClientKeyExchangeRsa --buildClientKeyExchange getPrivateKey: certGetPrivateKeyAsDER: Checking via Crypto API for a private key... --certGetPrivateKeyAsDER Unable to export the private key. --getPrivateKey sendCertificateVerify: Sending ClientCertVerify message... CertificateVerify using TLS 1.2 with MS Crypto API is not supported. Use TLS 1.1 or lower. --sendCertificateVerify Failed to send client certificate verify message. --clientHandshake2 --clientHandshake Client handshake failed. 
(1) connectionClosed: 0 --convertToTls Failed to convert channel to SSL/TLS --authTls --ftpConnect Failed to connect to FTP server. Failed. --Connect_Ftp2 --ChilkatLog 220-DMV Secure File Transfer 220- 220- 220 Secure FTP Server ready. AUTH TLS 234 TLSv1 ChilkatLog: ChangeRemoteDir: DllDate: Jun 23 2015 ChilkatVersion: 9.5.0.51 UnlockPrefix: DMVCAGFTP Username: ISD-DSK-HV02:MVTWV Architecture: Little Endian; 32-bit Language: .NET 2.0 VerboseLogging: 1 dir: /dmv-ddt-router/FromDMV changeRemoteDir: simplePathCommand: sendCommand: prepControlChannel: Cannot wait for socket data: not connected (invalid socket) socketError: Socket fatal error. --prepControlChannel Failed to ensure that the FTP control channel is clear and ready. --sendCom
Thanks jpbro for cleaning up that mess. Here is the code where it is failing:
if (lcert.SubjectCN.ToString() == certName)
{
    // Get the cert's expire date
    DateTime expireDate = lcert.ValidTo;
    // Calculate the difference from the current date to the expire date
    var Days = (expireDate - Today1).Days;
    // If the certificate has 30 days or less, start nagging
    if (Days <= 30 && lcert.Expired != true)
    {
        MessageBox.Show("Certificate will expire in " + Days + " Days " + "Thumbprint " + lcert.Sha1Thumbprint.ToString(), "Get New Cert From DMV");
    }
    if (lcert.Expired)
    {
        MessageBox.Show("This Cert is Expired " + lcert.Sha1Thumbprint.ToString(), " FGS will attempt to find a non expired cert ");
    }
    // 8.10.15 testing for version 9.5.0.55
    if (!lcert.Expired)
    {
        //success = cert.LoadByCommonName(certName);
        cert = certStore.FindCertBySubjectCN(certName);
    }
}
} // closes the enclosing block (not shown in the post)
I commented out the above success = cert.LoadByCommonName(cert); this is where it just spun and wrote out to the log. The above code is simply taking all the certificates in the certificate store and rolling through them to find certificates issued by my company and make sure they are not expired. It works for version 9.5.0.21 but not for version 9.5.051. After I added a reference to the latest version, my app stopped working.
Anyone? Anyone? Hello?
Yes I understand, and I have submitted the paperwork to buy support.