Ok, now I have it.
I was doing it wrong from the beginning. To start with, you need to convert the two files (vsftpd.crt and vsftpd.key) into a single PKCS12 file.

    openssl pkcs12 -export -in vsftpd.crt -inkey vsftpd.key > vsftpd.p12

Next, you need to import the PKCS12 file into a keystore:

    keytool -importkeystore -srckeystore vsftpd.p12 -destkeystore keystore.jks -srcstoretype pkcs12

Detailed instructions [here].
Finally, you just need to instantiate a trust manager with the generated keystore, and hand it to the FTPSClient. Something like:

    import java.io.File;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import javax.net.ssl.X509TrustManager;
    import org.apache.commons.net.ftp.FTPSClient;
    import org.apache.commons.net.util.TrustManagerUtils;

    public class FtpsClientFactory {

        // Builds an FTPSClient whose trust manager is backed by the generated keystore,
        // so the server certificate is validated against it during the TLS handshake.
        public FTPSClient createClient(String protocol, boolean isImplicit)
                throws IOException, GeneralSecurityException {
            File storeFile = new File("path/to/keystore");
            KeyStore keyStore = loadStore("JKS", storeFile, "password");
            X509TrustManager defaultTrustManager = TrustManagerUtils.getDefaultTrustManager(keyStore);
            // In the original code the protocol came from properties.getProtocol().
            FTPSClient client = new FTPSClient(protocol, isImplicit);
            client.setTrustManager(defaultTrustManager);
            // logOutput = new LogOutputStream(log, Level.INFO); // application-specific logging
            return client;
        }

        // Helper method from apache: http://commons.apache.org/proper/commons-net/apidocs/index.html?org/apache/commons/net/util/KeyManagerUtils.html
        private KeyStore loadStore(String storeType, File storePath, String storePass)
                throws IOException, GeneralSecurityException {
            KeyStore ks = KeyStore.getInstance(storeType);
            // try-with-resources closes the stream even if load() throws
            try (InputStream stream = new FileInputStream(storePath)) {
                ks.load(stream, storePass.toCharArray());
            }
            return ks;
        }
    }
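
The keystore produced by the `keytool -importkeystore` step holds the server's private key alongside its certificate, while a trust manager only needs the certificate. The following is an added example, not part of the original answer: a JDK-only program that copies just the certificates into a new JKS truststore that can be shipped to clients. The class name, method name and argument order are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

public class TrustStoreOnly {

    // Copies certificates (never private keys) from src into dst.
    // Returns the number of private-key entries that were left behind.
    static int copyCertificatesOnly(KeyStore src, KeyStore dst) throws GeneralSecurityException {
        int strippedKeys = 0;
        for (String alias : Collections.list(src.aliases())) {
            // For a key entry this is the first certificate of its chain;
            // for a trusted-certificate entry it is the certificate itself.
            Certificate cert = src.getCertificate(alias);
            if (cert == null) {
                continue; // e.g. a secret-key entry, nothing to trust
            }
            if (src.isKeyEntry(alias)) {
                strippedKeys++;
            }
            dst.setCertificateEntry(alias, cert);
        }
        return strippedKeys;
    }

    // Assumed arguments: <source.jks> <source password> <dest.jks> <dest password>.
    // Passwords on the command line keep the example short; prefer a prompt in real use.
    public static void main(String[] args) throws IOException, GeneralSecurityException {
        if (args.length != 4) {
            System.err.println("usage: TrustStoreOnly <src.jks> <srcpass> <dst.jks> <dstpass>");
            System.exit(2);
        }
        KeyStore src = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            src.load(in, args[1].toCharArray());
        }
        KeyStore dst = KeyStore.getInstance("JKS");
        dst.load(null, null); // start from an empty keystore
        int stripped = copyCertificatesOnly(src, dst);
        try (OutputStream out = new FileOutputStream(args[2])) {
            dst.store(out, args[3].toCharArray());
        }
        System.out.printf("Wrote %d certificate(s); left out %d private key(s)%n", dst.size(), stripped);
    }
}
```

The resulting file can be passed to `loadStore` in place of `keystore.jks`; `keytool -list -keystore <dest.jks>` should then show only `trustedCertEntry` entries.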