Topic "The server's certificate is not known."

Author Message
PENDRAGON
[View user's profile]

Joined: 2013-07-17
Posts: 2
WinSCP version 4.3.6, Windows 7/XP/others

FTP -> SSL Explicit encryption

Server = IIS on Windows 2008R2 server

Question:
I have a certificate on my server through a public CA. When connecting to my server via FTP over SSL, I get the warning box "The server's certificate is not known...". It does show the correct Organization information but this still shows up. The message further states "Summary: Unable to get local issuer certificate. The error occurred at a depth of 2 in the certificate chain.".

Is there a way to configure either WinSCP or the certificate on the server side so that the certificate is accepted without this prompt? I have clients that see that box and it raises a red flag to them as a possible security flaw.

In researching, a site admin for the FileZilla client said that FileZilla will always prompt even when it is a public certificate. I get a very similar message when testing with FileZilla.

Thanks!
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
So what do you want WinSCP to do?
Is the certificate of the public CA stored in the Windows certificate storage?
Or do you expect WinSCP to verify the key online somehow?
PENDRAGON
[View user's profile]

Joined: 2013-07-17
Posts: 2
Thanks for the reply.

The certificate I'm using is from trusted root CA - yes.

In other words if I used the same cert on a web site instead of an FTPs site, going to that web page would show as trusted with the lock and the cert ID and all that and wouldn't issue any prompts such as 'not known' - and it would work that way on all platforms not just Windows. The same way you go to any SSL site for a bank or a merchant without being prompted (unless of course the cert was not from a trusted CA or wrong name or expired or something obviously).
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
This request has been added to the tracker:
http://winscp.net/tracker/show_bug.cgi?id=1063
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
I have sent you an email with a development version of WinSCP to address you have used to register on this forum.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License