FTP SSL - Accepting Certificate via Command Line

Advertisement

Guest

FTP SSL - Accepting Certificate via Command Line

When using command line: winscp.exe [mysession] to try to do FTP SSL, I get the message:
+++ Start of message
If you trust this certificate, press Yes. To connect without storing certificate
, press No. To abandon the connection press Cancel.
Continue connecting and store the certificate?
(Y)es, (N)o, C(a)ncel, (C)opy Key: Cancel
Connection failed.
+++ End of message
So, how do I reply to this message to allow for the certificate?
Extra: If have the above working for straight FTP to another site and using the help examples that leverage example.txt and server.ini. But the FTP SSL certificate is causing me problems. After posting this question, I'll continue to search the forums and documentation for an answer. But, hopefully in the mean time someone will know the answer to my question. Thanks, Scott

Reply with quote

Advertisement

Guest

Re: FTP SSL - Accepting Certificate via Command Line

I think I found the solution. I changed example.txt to have: option batch off(instead of option batch on). I also commented out the option confirm (not knowing if it was truly needed or not with option batch off). So, this allowed me to accept the certificate manually via the Command window. Is this the recommended way to do this, or is there a better way? Thanks. - Scott

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: FTP SSL - Accepting Certificate via Command Line

You cannot do this automatically yet. This issue has been added to tracker.

Though you can do it as you did. Just accept the certificate somehow (it does not matter if from script or GUI). The certificate fingerprint is stored to configuration (INI or registry). So the next time you can connect without being asked (even with batch on).

Reply with quote

Gues
Guest

Re: FTP SSL - Accepting Certificate via Command Line

martin wrote:

You cannot do this automatically yet. This issue has been added to tracker.

Though you can do it as you did. Just accept the certificate somehow (it does not matter if from script or GUI). The certificate fingerprint is stored to configuration (INI or registry). So the next time you can connect without being asked (even with batch on).

Prikyl, you are an expert, I am a newbie. I am looking for where to read information to do the following: I would like to have some kind of certificate authentication so that my client on ftp must have the right certificate on their machine and use a password before they can send to the server. But I do not need the transmnission encrypted. Right now it is just a user name and password in clear text. I would like something else they must have in order to transmit.

Reply with quote

Advertisement

Guest

In case it would be helpful to someone who has the same problem I had listed at the start of this thread, I realized the following that using the winscp.ini instead of server.ini caused things to work much easier.
To Explain:
I found that using the WinSCP GUI I could accept the FTP SSL certificate. But, when I tried the following command from the WinSCP online documentation for automation, the certificate didn't work:
winscp /console /script=example.txt /ini=server.ini
What I didn't realize is that if I changed "server.ini" to "winscp.ini", then it would work with the certificate I had accepted via the GUI.
What I had done to cause the original problem was to creat the server.ini file from some of the winscp.ini lines. But, in doing so, I failed to get the needed certificate information.
So, the easy solution was to the following command line instead:
winscp /console /script=example.txt /ini=winscp.ini
- Scott

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Anonymous wrote:

In case it would be helpful to someone who has the same problem I had listed at the start of this thread, I realized the following that using the winscp.ini instead of server.ini caused things to work much easier.
WinSCP does not care what name of INI file is. So there must be different cause.

Reply with quote

Advertisement

You can post new topics in this forum