Hi,

I was in the exact same situation. In the end, I found this page: https://www.solypse.com/talend-ftps/ (in French).

I ended up doing these 5 steps:

1: generate an empty, local key store:

keytool -keystore clientkeystore -genkey -alias client -keystore local_keystore.jks

The keytool asks for a password to protect the keystore (twice). Give it one, at least 6 characters.

It also asks for firstname+lastname, organizational unit, organization, city, state, country. I went with the default 'Unknown' for all of them.

Then it asks for a password for the alias <client>, I went with the proposal to keep it the same as the password for the keystore.

You now have a keystore local_keystore.jks that has a private key for 'client'.

The tool issues a warning that we generated a keystore with a propietary format, and suggest a fix. Next step is to do just that fix.

2: convert the format of the freshly created keystore to type pkcs12:

keytool -importkeystore -srckeystorelocal_keystore.jks -destkeystorelocal_keystore.jks -deststoretype pkcs12

This step asks for the password of the keystore.

3: retrieved the certificate of the FTP server I want to connect to:

openssl s_client -connect 10.100.1.2:21 -starttls ftp </dev/null 2>/dev/null |openssl x509 -outform PEM > ftp_server.pem

4: convert that certificate from PEM into DEF format (just tested, could have done that directly in previous step)

openssl x509 -inform PEM -in ftp_server.pem -outform DEF -out ftp_server.cer

5: import the ftp_sever certificate into the keystore, indicating that it is thrusted:

keytool -import -file ftp_server.cer -keystore local_keystore.jks

The tool asks on the commandline if the certificate is to be trusted, answer 'yes'

You now have a keystorefile and password that can be used in a tFTPConnection Talend component, that will allow components like tFTPFileList and tFTPGet to access your FTP server. Be sure to check the 'FTPS Support (support tFTPGet temporarily)' checkbox, pick connection mode passive, and security mode implicit.

To find out all this took me several days, and a lot of frustration, so I hope I can prevent someone from having to go through the same, and thanks to the French guy for posting his original post.

Ron.

Hi Ron

Big thanks for your great tutorial! It saved a lot of work.

I simplified it a little bit down to 3 steps for a windows installation:

Requirements:

OpenSSL-Tool: For Windows get it for example here: https://slproweb.com/products/Win32OpenSSL.html

Solution:

1. Generate empty keystore type pkcs12
   CD "C:\Program Files\Java\jre1.8.0_211\bin" (in my case)
   keytool -keystore <Keystore-Name> -genkey -alias <Alias> -keystore <path+filename>.pks -deststoretype pkcs12 -keypass <Key-Password> -storepass <Store-Password>
   Leave the 5 questions blanc and answer the next one with J or Y (depends on language)
2. Download certificate type DEF
   CD "C:\Program Files\OpenSSL-Win64\bin" (in my case)
   openssl s_client -connect <FTP-Address>:21 -starttls ftp 2>NUL <NUL |openssl x509 -outform DEF > <path+filename>.cer
3. Fill the prepared keystore with certificate
   CD "C:\Program Files\Java\jre1.8.0_211\bin" (in my case)
   keytool -import -file <path+filename>.cer -keystore <path+filename>.cer.jks -keypass <Key-Password> -storepass <Store-Password>

Balz

Hi,

I managed to configure tFTPConnect with your help.

But, i have an error message with tftpfile or tftget.

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:646)

at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:785)

at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3409)

at org.apache.commons.net.ftp.FTPClient.initiateListParsing(FTPClient.java:3339)

at org.apache.commons.net.ftp.FTPClient.listFiles(FTPClient.java:3016)

at sodiparc_bi.test_ftp_0_1.test_ftp$1FTPSGetter_tFTPGet_1.getFiles(test_ftp.java:590)

at sodiparc_bi.test_ftp_0_1.test_ftp.tFTPGet_1Process(test_ftp.java:782)

at sodiparc_bi.test_ftp_0_1.test_ftp.runJobInTOS(test_ftp.java:1079)

at sodiparc_bi.test_ftp_0_1.test_ftp.main(test_ftp.java:916)

Caused by: java.io.EOFException: SSL peer shut down incorrectly

Any idea ?