Over a million developers have joined DZone.

ColdFusion and FTP over implicit TLS/SSL

DZone's Guide to

ColdFusion and FTP over implicit TLS/SSL

· Web Dev Zone
Free Resource

Learn how to build modern digital experience apps with Crafter CMS. Download this eBook now. Brought to you in partnership with Crafter Software

Coldfusion 9 allows you to connect to a secure FTP server (cfftp: Opening and closing secure FTP server connections), however this doesn't seem  to work if the FTP server is using FTP over implicit TLS/SSL. To get it working was quite a head-ache and hopefully I can save someone else many hours of swearing!

Firstly if you are getting the error:

PKIX path building failed: 
unable to find valid certification path to requested target

Then you may just need to add the certificate to your ColdFusion server. To do this I recommend using CertMan which you can download from http://certman.riaforge.org/.

That didn't work for me I was still getting this error:

An error occurred while establishing an sFTP connection.

Verify your connection attributes: username, password, server, fingerprint, port, key, connection, proxyServer, and secure (as applicable). Error: connection is closed by foreign host.

So, then I started looking for Java libraries and found ftp4j which is licenced under the LGPL. Using it in ColdFusion is pretty simple if you use Mark Mandel's excellent JavaLoader.

So, download JavaLoader and extract into your webroot and then download ftp4j and put the ftp4j-1.6.jar in the webroot (if you're using mappings then you can put them anywhere).

Now that's done, here is some sample code to connect and list the directory contents of the FTP Server.

paths = [];

This points to the jar we want to load.
Could also load a directory of .class files
paths[1] = expandPath("ftp4j-1.6.jar");

//create the loader
loader = createObject("component", "javaloader.JavaLoader").init(paths);

//at this stage we only have access to the class, but we don't have an instance
FTPClient = loader.create("it.sauronsoftware.ftp4j.FTPClient").init();

//FTPClient.setSecurity(FTPClient.SECURITY_FTPES); // enables FTPES
FTPClient.setSecurity(FTPClient.SECURITY_FTPS); // enables FTPS

// if the security is set to SECURITY_FTPS, the default port used by the connect() method changes to 990.

FTPClient.login("aliaspooryorik", "HardPasswordToGuess");




Crafter is a modern CMS platform for building modern websites and content-rich digital experiences. Download this eBook now. Brought to you in partnership with Crafter Software.


Published at DZone with permission of John Whish, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.


Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.


{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}