KB Article #177526

OFTP2 jtood error: Version 1 certificates can not be used as CA ones. Error code: 81013 Reason: 0

Problem


/ Tsim / spool / obj> jtood OFTP client
10/11/15 12:08:00 PM jtood Home (c) 2000-2013 Axway GmbH $ Revision: $ 117,512
10/11/15 12:08:00 PM OFTP client
151110 120800 OFTP Home (c) 2000-2013 Axway GmbH $ Revision: $ 117,339
151110 120800 H-JOFTP 84006: Connecting to gateway 'client'
151110 120801 E-JOFTP 84102: Can not establish nor accept connection via 'lib / OFTP2 / srtcpDB.tlib': TlibException: 5 (. Outgoing call rejected) client = x.x.x.x / xxxx: de.axway.oftp.security.SecurityException: E-SEC-45013 A non specific security exception thrown what: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: de.axway.certmgr.api.CMValidationException: Version 1 certificates can not be used as CA ones. Error code: 81013 Reason: 0 de.axway.oftp.security.SecurityException: E-SEC-45013 A non specific security exception thrown what: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: de.axway.certmgr.api.CMValidationException: Version 1 certificates can not be used as CA ones. Error code: 81013 Reason: 0
151110 120801 Fromod Home (c) 2000-2013 Axway GmbH client
151110 120801 Fromod End Requests processed: 0
151110 120801 H-JOFTP 84034: OFTP end
10/11/15 12:08:01 PM jtood End



Resolution

Version 3 certificates must be used for the CA.

The explanation is as follows:

OFTP2 uses X.509:
https://tools.ietf.org/html/rfc5024
//

The security features in ODETTE-FTP 2 are centred around the use of
[X.509] certificates.
//

[X.509] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", RFC 3280,
April 2002.

https://tools.ietf.org/html/rfc3280
This memo profiles the X.509 v3 certificate and X.509 v2 Certificate
Revocation List (CRL) for use in the Internet.

https://tools.ietf.org/html/rfc6187

X.509 public key certificates use a signature by a trusted
certification authority to bind a given public key to a given digital
identity. This document specifies how to use X.509 version 3 public
key certificates in public key algorithms in the Secure Shell
protocol.
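
A pre-flight check for this error, as an added example (not Axway code): it reads the version field of each certificate in a trust chain and lists those that are not version 3, which the resolution above requires for CA certificates. The function names and the sample byte strings are assumptions made for the illustration; the samples are constructed DER skeletons, not real certificates.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def x509_version(cert):
    """X.509 version (1, 2 or 3) of one PEM or DER encoded certificate."""
    m = PEM_RE.search(cert)
    raw = base64.b64decode(m.group(1)) if m else cert
    tag, pos, _ = read_tlv(raw, 0)          # Certificate ::= SEQUENCE
    tag2, pos, _ = read_tlv(raw, pos)       # tbsCertificate ::= SEQUENCE
    if (tag, tag2) != (0x30, 0x30):
        raise ValueError("not an X.509 certificate")
    tag, pos, end = read_tlv(raw, pos)      # first field of tbsCertificate
    if tag != 0xA0:                         # no [0] version tag: DEFAULT v1 applies
        return 1
    tag, pos, end = read_tlv(raw, pos)      # INTEGER wrapped by the [0] tag
    if tag != 0x02:
        raise ValueError("malformed version field")
    return int.from_bytes(raw[pos:end], "big") + 1   # 0, 1, 2 encode v1, v2, v3

def not_v3(chain):
    """Names of CA certificates in {name: cert_bytes} that are not version 3."""
    return [name for name, cert in chain.items() if x509_version(cert) != 3]

# --- constructed sample data: DER skeletons, not real certificates ---
def der(tag, content):
    n = len(content)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n])   # enough for n < 256
    return bytes([tag]) + head + content

SERIAL = der(0x02, b"\x01") + der(0x04, bytes(150))       # serialNumber plus filler
V1_DER = der(0x30, der(0x30, SERIAL))                     # version field absent
V3_DER = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")) + SERIAL))
V3_PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(V3_DER) + b"-----END CERTIFICATE-----\n"
```

Run `not_v3` over every CA certificate in the partner's chain before importing it; any name it returns is a certificate that needs to be reissued as version 3.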