FTP over implicit TLS - for dummies


 
# 1  
Old 10-16-2013

Here are the essentials:

Code:
un:  myuser
pw:  mypasswd
site: sftp.somesite.com
port:  990
type: FTPS
enc: FTP over implicit TLS
 

program used:
Curl 7.1.x on Hpux 11.31

I would like to "put" 1 file on their server.

Here is my syntax, what am I doing wrong?

Code:
curl -3 -v --cacert /home/myuser/TEST/us.pem --disable-epsv --ftp-skip-pasv-ip --ftp-ssl -T "/home/myuser/TEST/somefile.txt"  ftp://usergiventome:passworm@sftp.somesite.com:990

PS. I can only use cmdline utils, and remote admins suggest I use FileZilla or LFTP, however, my admin suggested I use cURL. Honestly, I wish to simply use scp, but you know, I can't lol.

PSS.
what was said from remote admin:

Quote:
We only support FTPS for all vendors. We do have SFTP but used for other Third party partners.
PSSS. my response:

Quote:
I do not have LFTP, and FileZilla, nor is our HPUX supported anymore, and is on its way out in 4 months. There is no GUI, this must be a cmdline crontab entry.
I am at your mercy Unix Gods, suggestions are completely welcome.

---------- Post updated at 11:58 AM ---------- Previous update was at 11:15 AM ----------

Code:
# curl -V
+ curl -V
curl 7.19.1 (hppa2.0w-hp-hpux11.23) libcurl/7.19.1 OpenSSL/0.9.7m zlib/1.2.3 libidn/0.6.9
Protocols: tftp ftp telnet dict http file https ftps
Features: IDN IPv6 Largefile NTLM SSL libz

---------- Post updated at 12:00 PM ---------- Previous update was at 11:58 AM ----------

it just hangs, i get no reply/anything from remote server:

Code:
# curl --cert us.pem --user usergiven:passworm --upload-file file.txt >
+ curl --cert us.pem --user usergiven:passworm --upload-file file.txt ftp://sftp.remoteserver.com:990
#

just hangs... and hangs....

---------- Post updated at 01:11 PM ---------- Previous update was at 12:02 PM ----------

is this a hard question? sorry, that's my question

---------- Post updated at 01:23 PM ---------- Previous update was at 01:11 PM ----------

no idea what an infraction is, but it doesn't sound good. i just need help, not here to cause a fuss scott. i meant that, since all other posts about ftps and such have not yielded any positive help, and i have tried them all. so if some gurus are avail - assure you I can keep up. just ask what you need. thanks
# 2  
Old 10-16-2013
I would do a tcpdump around these cases to see more information; in addition, contact the remote admins and ask them what the state of your attempts shows.

Code:
curl -3 -v --cacert /home/myuser/TEST/us.pem  --ftp-ssl -T "/home/myuser/TEST/somefile.txt" ftp://usergiventome:passworm@sftp.somesite.com:990

and
Code:
curl -3 -v --cacert /home/myuser/TEST/us.pem --disable-epsv  --ftp-ssl -T "/home/myuser/TEST/somefile.txt"   ftp://usergiventome:passworm@sftp.somesite.com:990

and
Code:
curl -3 -v --cacert /home/myuser/TEST/us.pem --disable-epsv  --ftp-ssl  -T "/home/myuser/TEST/somefile.txt"    ftp://usergiventome:passworm@sftp.somesite.com:990

and
Code:
curl -3 -v --cacert /home/myuser/TEST/us.pem  --disable-epsv --ftp-skip-pasv-ip --ftp-ssl -T "/home/myuser/TEST/somefile.txt"   ftp://usergiventome:passworm@sftp.somesite.com:990

Do separate dumps for each try so you don't get confused when looking at the reports.
# 3  
Old 10-17-2013
first of all THANKS this is what i am looking for.... syntax !! ok, i will also contact the remote admin, yah i should have done that earlier, he is in Philippines, im in california. looks like it will be a while before i get some feedback. THANK YOU FOR SUGGESTS, hang in there with me on this one, i really appreciate.

---------- Post updated 10-17-13 at 08:01 AM ---------- Previous update was 10-16-13 at 02:34 PM ----------

ok, welp, i dont know if anyone has used HP-UX OS before, but appears like most of the users here are LINUX users, and that is fine... BUT.. this is a production server, and SOX compliance, I do not simply load progs on there that do not load properly, or muck with current libs/configs for openssl.

i hope there are trace and network utils, that is why i came to UNIX.com, not linux, UNIX.com. any program i have been asked to install, not only from here but other forums, i gather those users have not used HP-UX for any time.

so with that said, and like i said above... this is HP-UX. let's work with the basic tools already on it, for i can NOT add anything to it. And if that means you are limited to helping me, then sorry, thats how it is. I need people here who know HPUX exclusively. same issue remains. thanks

---------- Post updated at 11:34 AM ---------- Previous update was at 08:01 AM ----------

I am unable to load tcpdump on hpux currently. what other tools/utils does hpux have to assist in what you are asking for... thanks!
# 4  
Old 10-21-2013
unable to contact admin, in over 1 week directly. i will not be getting any log info from him. what more can i do? all the cmds above, not successful. i am still waiting to hear from curl folks email response. ill check and report if they respond. suggestions ?
# 5  
Old 10-22-2013
im starting to get responses back now, i got the syntax better, but still not able to transfer test file to remote server. Also, i used good ol' WinSCP, and it worked fine for implicit ssl/tls option, and force ip. here are some notable stdout from their server to sift, and suggest. thanks!:


Code:
# curl -3 -v --capath /opt/openssl/certs --cacert STAR_somesite_com.crt \^>
* About to connect() to sftp.somesite.com port 990 (#0)
*   Trying 66.66.66.66... connected
* Connected to sftp.somesite.com (66.66.66.66) port 990 (#0)
* successfully set certificate verify locations:
*   CAfile: STAR_somesite_com.crt
  CApath: /opt/openssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS alert, Server hello (2):
} [data not shown]
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
#

Code:

#  --cacert STAR_somesite_com.ca-bundle \^J--ftp-ssl -T /home/myname/TEST/u*
* About to connect() to sftp.somesite.com port 990 (#0)
*   Trying 66.66.66.66... connected
* Connected to sftp.somesite.com (66.66.66.66) port 990 (#0)
* successfully set certificate verify locations:
*   CAfile: STAR_somesite_com.ca-bundle
  CApath: /opt/openssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS alert, Server hello (2):
} [data not shown]
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
#

Code:
# curl -3 -v --ftp-skip-pasv-ip --capath /opt/openssl/certs --cacert STAR_usa>
* About to connect() to sftp.somesite.com port 990 (#0)
*   Trying 66.66.66.66... connected
* Connected to sftp.somesite.com (66.66.66.66) port 990 (#0)
* successfully set certificate verify locations:
*   CAfile: STAR_somesite_com.crt
  CApath: /opt/openssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS alert, Server hello (2):
} [data not shown]
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
#

Code:
# curl -3 -v --ftp-pasv --capath /opt/openssl/certs --cacert STAR_somesite>
* About to connect() to sftp.somesite.com port 990 (#0)
*   Trying 66.66.66.66... connected
* Connected to sftp.somesite.com (66.66.66.66) port 990 (#0)
* successfully set certificate verify locations:
*   CAfile: STAR_somesite_com.crt
  CApath: /opt/openssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS alert, Server hello (2):
} [data not shown]
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
#

Code:
# curl -3 -v -k --basic --ftp-pasv --capath /opt/openssl/certs --cacert STAR_>
* About to connect() to sftp.somesite.com port 990 (#0)
*   Trying 66.66.66.66... connected
* Connected to sftp.somesite.com (66.66.66.66) port 990 (#0)
* successfully set certificate verify locations:
*   CAfile: STAR_somesite_com.crt
  CApath: /opt/openssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using AES256-SHA
* Server certificate:
*        subject: OU=Domain Control Validated, OU=Hosted by Secure SSL Network, OU=COMODO SSL Wildcard, CN=*.somesite.com
*        start date: 2012-07-03 00:00:00 GMT
*        expire date: 2017-07-03 23:59:59 GMT
*        subjectAltName: sftp.somesite.com matched
*        issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO SSL CA
*        SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
< 220 Welcome to the USAP FTPS Server
> USER usernamehere
< 331 Password required for usernamehere
> PASS xxxxxx
< 230 Logged on
> PBSZ 0
< 200 PBSZ=0
> PWD
< 257 "/" is current directory.
* Entry path is '/'
> EPSV
* Connect data stream passively
< 229 Entering Extended Passive Mode (|||50043|)
*   Trying 66.66.66.66... connected
* Connecting to 66.66.66.66 (66.66.66.66) port 50043
> TYPE I
< 200 Type set to I
> STOR usauto.txt
< 550 PROT P required
* Failed FTP upload: 550
* Remembering we are in dir ""
* Uploaded unaligned file size (0 out of 233 bytes)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Connection #0 to host sftp.somesite.com left intact

curl: (25) Failed FTP upload: 550
> QUIT
< 221 Goodbye
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
} [data not shown]
#
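
Added example, not part of the original posts: a cron wrapper can save the `curl -v` transcript and audit it for the two conditions visible in the last run above, a session that continued after the chain check failed and a transfer command issued before PROT P was accepted. The function names and finding labels are hypothetical, and the second transcript is constructed for contrast.

```shell
#!/bin/sh
# Reads a `curl -v` FTPS transcript on stdin, prints one finding per line,
# and returns non-zero when anything was found. Finding labels are this example's own.
audit_ftps_log() {
    awk '
        # With -k curl logs a failed chain check and carries on regardless.
        /SSL certificate verify result:/ {
            print "UNVERIFIED-PEER: chain check failed but the session continued"; bad++
        }
        /SSL certificate problem/ && !seen++ {
            print "VERIFY-FAILED: curl aborted on certificate verification"; bad++
        }
        # RFC 4217: data connections are encrypted only once PROT P is accepted.
        /^> PROT P/    { asked = 1; next }
        /^< / && asked { prot_p = ($2 == "200"); asked = 0 }
        /^> (STOR|RETR|LIST)/ && !prot_p {
            print "CLEAR-DATA-CHANNEL: " substr($0, 3) " sent before PROT P was accepted"; bad++
        }
        /^< 5[0-9][0-9] / { print "SERVER-REFUSED: " substr($0, 3); bad++ }
        END { exit (bad > 0) }
    '
}

# Excerpt of the transcript posted above (wrapped line rejoined).
page_transcript() {
cat <<'EOF'
*        SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
< 220 Welcome to the USAP FTPS Server
> PASS xxxxxx
< 230 Logged on
> PBSZ 0
< 200 PBSZ=0
> TYPE I
< 200 Type set to I
> STOR usauto.txt
< 550 PROT P required
EOF
}

# Constructed transcript of a verified session that protects the data channel.
clean_transcript() {
cat <<'EOF'
* SSL certificate verify ok.
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 200 Protection level set to P
> STOR file.txt
< 226 Transfer complete
EOF
}

page_transcript | audit_ftps_log || echo "-> treat this upload as failed"
clean_transcript | audit_ftps_log && echo "-> no findings"
```
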

# 6  
Old 10-24-2013
apparently this is the issue:

Code:
--capath /opt/openssl/certs

i am now upgrading curl to curl 7.3.3.0

how do i remove the current curl from HPUX and only use the swinstalled curl i just loaded.

swlist |grep curl

curl 7.33.0 curl

but...

curl -V

curl 7.19.1 (hppa2.0w-hp-hpux11.23) libcurl/7.19.1 OpenSSL/0.9.7m zlib/1.2.3 libidn/0.6.9


how can i fix it so /usr/bin/curl is pointing to newly installed curl??

damm! hpux,, i want to goto linux ASAP here at work.... sighs...


---------- Post updated at 08:30 AM ---------- Previous update was at 08:28 AM ----------

also, here is the new syntax the remote admin used and worked:

Code:
 curl -1 -T "test2.txt" ftps://userhere:pwhere@sftp.sitehere.com:990 -ftp-ssl --cacert STAR.crt -k -v



suggestions please.. thanks!
 