SFTP Certificate - Mirth Community

#1
08-14-2012, 11:41 AM
JoshMc

I want to connect to an SFTP server to download files. When I connect via FileZilla or WS_FTP, I get prompted to accept a certificate. Once I accept, I can connect fine via the client.

My problem is trying to get a copy of that certificate to import into my Java cache. Is there a way to download this somehow? I tried exporting the cert out of the FTP client, but Java won't use its format. Help!

#2
08-14-2012, 12:08 PM
narupley (Mirth Employee)

Are you talking about SFTP or FTPS? If you're talking about SFTP, then I think that the default SFTP option in a File Writer just uses SSH password authentication. If you want to use a pre-generated private key for authentication, that can certainly be done; just use some JavaScript code to create a new JSch SFTP channel, and add the private key as an identity. Look here for all the relevant info.

If you're talking about FTPS, then the FTP option of a File Writer will work just fine; you'll just have to encapsulate it using TLS. If you're on an appliance, then the SSL Tunnels service can do this quite easily. Otherwise, any third-party proxy like stunnel will do the job as well. You can download certs usually just by attempting to establish a socket to the server (it'll respond in TLS-lingo). OpenSSL has a -showcerts option that should work as well. You can probably also download it using pretty much any browser, assuming you're connecting to the right port. FileZilla keeps certificates in an XML file in your local settings I believe.
__________________
Step 1: JAVA CACHE...DID YOU CLEAR ...wait, ding dong the witch is dead?

Nicholas Rupley
Work: 949-237-6069
Always include what Mirth Connect version you're working with. Also include (if applicable) the code you're using and full stacktraces for errors (use CODE tags). Posting your entire channel is helpful as well; make sure to scrub any PHI/passwords first.


- How do I foo?
- You just bar.

#3
08-14-2012, 12:15 PM
JoshMc

It's definitely SFTP. When I attempt to connect via the SFTP file reader, it can't connect. It's expecting some sort of client cert. FileZilla prompts me to trust it and import it into the cache. I'm looking at the JSch Examples and it's all a bit over my head.

#4
08-14-2012, 12:33 PM
narupley (Mirth Employee)

I'm not an SFTP expert, but I think that while FileZilla may still call it a certificate in that pop-up dialog, it's actually a public key that the program is asking whether or not you want to trust (and if so, then it imports that key into the program's local cache or something like that). Unless you've specified a particular private key though, the client still generates one automatically for you, since in the end that's how SSH works.

Here's a rather simple example using JSch: http://sthen.blogspot.com/2008/03/sf...ivate-key.html
Last edited by narupley; 08-14-2012 at 12:36 PM.

#5
08-14-2012, 12:47 PM
JoshMc

Quote (originally posted by narupley):
I'm not an SFTP expert, but I think that while FileZilla may still call it a certificate in that pop-up dialog, it's actually a public key that the program is asking whether or not you want to trust (and if so, then it imports that key into the program's local cache or something like that). Unless you've specified a particular private key though, the client still generates one automatically for you, since in the end that's how SSH works.

Here's a rather simple example using JSch: http://sthen.blogspot.com/2008/03/sf...ivate-key.html

That is my understanding of how it works as well. I'm not specifying a private key anywhere, just trusting their key. If I could just get Java to accept or trust that key, we'd be in good shape.

If I went the route of using JSch, do I just download the jar and put it somewhere (custom-lib directory, perhaps)? Then I should be able to call it somehow? Am I on the right track here? My Java is quite fuzzy.

#6
08-14-2012, 02:18 PM
narupley (Mirth Employee)

Fortunately, JSch is already included by default with Mirth Connect. Just import the com.jcraft.jsch package in your Rhino context, and you'll be able to instantiate a session and all that good stuff.
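
The approach discussed in posts #4 to #6, as an added example that is not code from the thread or from Mirth: a JSch session that trusts only the host key stored in a known_hosts file and optionally authenticates with a private key. The function name `sftpDownload`, the `cfg` fields and every path and host name are hypothetical; the known_hosts file is assumed to hold the server's public host key after its fingerprint was checked against the one the SFTP client displayed.

```javascript
// Added example (not from the thread). In a Mirth/Rhino script, call it as:
//   sftpDownload(Packages.com.jcraft.jsch, { host: "sftp.example.org", ... })
// jschPkg is passed in so that the function does not depend on a global import.
function sftpDownload(jschPkg, cfg) {
    var jsch = new jschPkg.JSch();

    // Trust store: OpenSSH-format known_hosts file containing the server's host key.
    // This is the SSH equivalent of "accepting the certificate" in a GUI client.
    jsch.setKnownHosts(cfg.knownHosts);

    // Optional client key pair for public-key authentication.
    if (cfg.privateKey) {
        jsch.addIdentity(cfg.privateKey);
    }

    var session = jsch.getSession(cfg.user, cfg.host, cfg.port || 22);
    if (cfg.password) {
        session.setPassword(cfg.password);
    }

    // Fail the connection when the presented host key is not in known_hosts,
    // instead of silently accepting whatever key the server offers.
    session.setConfig("StrictHostKeyChecking", "yes");

    var channel = null;
    try {
        session.connect(cfg.timeoutMs || 15000);
        channel = session.openChannel("sftp");
        channel.connect();
        channel.get(cfg.remotePath, cfg.localPath);
        return cfg.localPath;
    } finally {
        // Always release the channel and session, also after a rejected host key.
        if (channel) { channel.disconnect(); }
        session.disconnect();
    }
}
```

A rejected host key surfaces as an exception from `session.connect`, which distinguishes a trust problem from a plain network timeout such as a blocked IP.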

#7
08-15-2012, 10:35 AM
JoshMc

Quote (originally posted by narupley):
Fortunately, JSch is already included by default with Mirth Connect. Just import the com.jcraft.jsch package in your Rhino context, and you'll be able to instantiate a session and all that good stuff.

I may not have to go this route after all. Apparently, my troubleshooting skills are lacking lately. I can't connect to the SFTP server in question from the Mirth server via FileZilla. It still works on our other server.

This tells me that either the outbound connection is blocked from leaving our network or it's blocked from entering the remote network. My further research confirmed the latter. They have IP blocking in place and did not have the Mirth server as an allowed connection.

All times are GMT -8.