Topic "FTP/SSL connection gets 'bad certificate' message"

Author Message
Monty Willett
[View user's profile]

Joined: 2012-10-24
Posts: 2
Location: bham ala
I am running under Windows 7 using a Winscp console session to attempt to connect using my FTP client to a secure server with FTP/SSL thru port 990. I have imported a CA certificate to my trusted store but I am getting a 'bad certificate' message. Below is the entire Winscp log of the communication. Any suggestions you may have are greatly appreciated:

. 2012-10-23 14:13:23.744 WinSCP Version 4.3.7 (Build 1679) (OS 6.1.7601 Service Pack 1)
. 2012-10-23 14:13:23.744 Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\
. 2012-10-23 14:13:23.744 Local account: INTERNAL\Monty.Willett
. 2012-10-23 14:13:23.744 Login time: Tuesday, October 23, 2012 2:13:23 PM
. 2012-10-23 14:13:23.744 --------------------------------------------------------------------------
. 2012-10-23 14:13:23.744 Session name: SGNSCP (Modified stored session)
. 2012-10-23 14:13:23.744 Host name: XXXXXXXXX (Port: 990)
. 2012-10-23 14:13:23.744 User name: XXXXXXXXX (Password: Yes, Key file: No)
. 2012-10-23 14:13:23.744 Tunnel: No
. 2012-10-23 14:13:23.744 Transfer Protocol: FTP
. 2012-10-23 14:13:23.744 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2012-10-23 14:13:23.744 Proxy: none
. 2012-10-23 14:13:23.744 FTP: FTPS: Implicit SSL/TLS; Passive: Yes [Force IP: No]
. 2012-10-23 14:13:23.744 Local directory: default, Remote directory: home, Update: No, Cache: Yes
. 2012-10-23 14:13:23.744 Cache directory changes: Yes, Permanent: Yes
. 2012-10-23 14:13:23.744 DST mode: 1
. 2012-10-23 14:13:23.744 --------------------------------------------------------------------------
. 2012-10-23 14:13:23.775 Connecting to XXXXXXXX:990 ...
. 2012-10-23 14:13:23.822 Connected with XXXXXXXX:990, negotiating SSL connection...
. 2012-10-23 14:13:24.165 SSL3 alert read: fatal: bad certificate
. 2012-10-23 14:13:24.165 SSL_connect: failed in SSLv3 read finished A
. 2012-10-23 14:13:24.165 Can't establish SSL connection
. 2012-10-23 14:13:24.165 Disconnected from server
. 2012-10-23 14:13:24.165 Connection failed.
. 2012-10-23 14:13:24.165 Got reply 1004 to the command 1
* 2012-10-23 14:13:24.165 (ESshFatal) Connection failed.
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24736
Location: Prague, Czechia
Are you able to connection with any other FTP client? Can you post a log file from it?
Please please upgrade to the latest version of WinSCP
Martin Prikryl



Yes, I have been able to connect to a secure Filezilla FTP server( without a problem.
I also get the same kind of error (certficate not trusted) using another FTP client system called SecureFX attempting to connect to the problem FTP server. My software install admin rights are strictly controlled by our corporate policy.
I will check with our system admin to see if he will upgrade the version of WinSCP we have been provided.
I was hoping there is a way to suppress to server certificate verification process using WinSCP to prove that the problem is with the server certificate and not my client certificate. I have tried using the 'CERTIFICATE' option of the open command to automatically accept the fingerprint of the host server certificate, but I still get the same error.

The owners of the server are checking into the problem on their end but haven't gotten back with me.
As far as I can tell, my client certificate has been install properly. I can see it in the 'Personal', 'Intermdediate' and 'Trusted Root' certificate stores using IE.

Thanks for your help!

You can post new topics in this forum

Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!


About donations

$9   $19   $49   $99

About donations


WinSCP Privacy Policy

WinSCP License