Topic "SSL certificate support for FTPS"

Author Message
faruxx
[View user's profile]

Joined: 2014-12-18
Posts: 8
Location: Turkey
Hi,

Will you add ssl cert support? I can't add our certs for connection.

I can add other ftp client, but i dont want use it. winscp is best for me Cool
abcx.JPG (53.22 KB)

Description: (none)

abcx.JPG

Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
It's a priority for the next release.
http://winscp.net/tracker/show_bug.cgi?id=921
_________________
Martin Prikryl
faruxx
[View user's profile]

Joined: 2014-12-18
Posts: 8
Location: Turkey
Thanks very much.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
I have sent you an email.
_________________
Martin Prikryl
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
I have sent you an email with a development version for testing.
faruxx
[View user's profile]

Joined: 2014-12-18
Posts: 8
Location: Turkey
Sorry for late answer,

İ sent details with mail.
hniland
[View user's profile]

Joined: 2015-04-14
Posts: 2
Location: Arnhem, The Netherlands
prikryl wrote:
I have sent you an email with a development version for testing.


Hi,
I'm busy with the same issue.
Need a Client with Certificate Authentication (and User/Password) on a FTPS connection.
Could I get a version with these options available please?

Thank,s
Henk Niland
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
hniland wrote:
Need a Client with Certificate Authentication (and User/Password) on a FTPS connection.
Could I get a version with these options available please?

Sent. I appreciate any feedback.
_________________
Martin Prikryl
hniland
[View user's profile]

Joined: 2015-04-14
Posts: 2
Location: Arnhem, The Netherlands
prikryl wrote:
hniland wrote:
Need a Client with Certificate Authentication (and User/Password) on a FTPS connection.
Could I get a version with these options available please?

Sent. I appreciate any feedback.


Hi, thank's
allthough I haven't recieved it yet.
If you've sent the program itself rather then a link, it is probably halted by our security scanner on the mail.
It will take some time to get it released, so I can use it.
As soon as I've got it, I will let you know if it works allright.
Greetings,
Henk.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
It's just a link. I've resent it. Maybe you get this time.
_________________
Martin Prikryl
yayitza
[View user's profile]

Joined: 2015-04-20
Posts: 1
Hi,

Can I get a this too? I need to connect to an FTP that requires certificate authentication.

thanks!
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
yayitza wrote:
Can I get a this too? I need to connect to an FTP that requires certificate authentication.

Sent.
_________________
Martin Prikryl
clemensh
[View user's profile]

Joined: 2015-05-12
Posts: 6
Hi,

can you send it to me, too? Would be great!
By the way, when is release date für 5.8?

Thank you very much!

ch
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
clemensh wrote:
can you send it to me, too? Would be great!
By the way, when is release date für 5.8?

Sent.
We do not give any dates. But it won't be soon.
johnasd@hotmail.com
[View user's profile]

Joined: 2015-05-26
Posts: 1
Hi
I am very interested in testing the FTPS certificate functionality.
Would it be possible to receive a link to the development version?

Thanks!
John
TheDoctor
[View user's profile]

Joined: 2015-05-27
Posts: 1
May I please get the development version with client certificate support for FTPS as well?

Thanks a lot!
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Sent to both of you.
johnasd

Guest


Thank you!
One question, what would the command switch to specify the certificate file and passphrase?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
See help open.
It's -clientcert and -passphrase.
Though in your build it was -clientcertificate.
I'm sending you the latest build that will match a future production version.
JMisset
[View user's profile]

Joined: 2015-06-10
Posts: 3
Hi,

Could you also give me a link to the development version? I would also very much like to try this feature.

THanks in advance!

Jasper
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
JMisset wrote:
Could you also give me a link to the development version? I would also very much like to try this feature.

Sent.
JAllison
[View user's profile]

Joined: 2015-06-15
Posts: 1
Location: Troy, MI
prikryl wrote:
JMisset wrote:
Could you also give me a link to the development version? I would also very much like to try this feature.

Sent.


A vendor of ours is requiring certificate authentication. Would it be possible to send me a link to the development version to test out? Thanks so much if you can!
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
JAllison wrote:
A vendor of ours is requiring certificate authentication. Would it be possible to send me a link to the development version to test out? Thanks so much if you can!

Sent.
clemensh
[View user's profile]

Joined: 2015-05-12
Posts: 6
prikryl wrote:
See help open.
It's -clientcert and -passphrase.
Though in your build it was -clientcertificate.
I'm sending you the latest build that will match a future production version.


Can you please send me this version, too? I will need the correct console commands in future. Thanks!
JMisset
[View user's profile]

Joined: 2015-06-10
Posts: 3
prikryl wrote:
JMisset wrote:
Could you also give me a link to the development version? I would also very much like to try this feature.

Sent.


Thanks! Enjoying it so far Smile! Nice work.

Just one question.. Every time I set up a connection it asks me for the client certificate password. Is there a way to make WinSCP remember it?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
clemensh wrote:
Can you please send me this version, too? I will need the correct console commands in future. Thanks!

Sent.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
JMisset wrote:
Thanks! Enjoying it so far Smile! Nice work.

Just one question.. Every time I set up a connection it asks me for the client certificate password. Is there a way to make WinSCP remember it?

Did you consider saving the certificate without passphrase?
JMisset
[View user's profile]

Joined: 2015-06-10
Posts: 3
prikryl wrote:
JMisset wrote:
Thanks! Enjoying it so far Smile! Nice work.

Just one question.. Every time I set up a connection it asks me for the client certificate password. Is there a way to make WinSCP remember it?

Did you consider saving the certificate without passphrase?


Do you mean removing the passphrase from the certificate? Im afraid that this is not an option for me..
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
JMisset wrote:
Do you mean removing the passphrase from the certificate? Im afraid that this is not an option for me..

Why? The point of the passphrase is to have the key protected. Yet, you are willing to have WinSCP remember the password, effectively breaking this. What's the difference?
Marty
[View user's profile]

Joined: 2015-07-12
Posts: 4
I'd also like to test certificate authentication. Could you send me a portable 5.8 dev build as well, please? (or point me to a location where I can download it myself)?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Sent.
rlstreet
[View user's profile]

Joined: 2015-07-26
Posts: 1
Location: The Netherlands
prikryl wrote:
Sent.


Could you also give me a link to the development version?
ebstc
[View user's profile]

Joined: 2015-07-26
Posts: 1
Location: USA
My I have a copy too?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Sent.
jdantzler
[View user's profile]

Joined: 2012-12-07
Posts: 13
I'd like to test it out too if possible? Thanks.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
jdantzler wrote:
I'd like to test it out too if possible? Thanks.

Sent.
Marty
[View user's profile]

Joined: 2015-07-12
Posts: 4
What kind of certificate and private key format is WinSCP (version 20150710r) expecting?

When I try it with openssh generated keys, I get the following:
Code:

winscp> open sftp://marty@10.0.0.2 -clientcert=G:\Keystore\client_key-cert.pub -privatekey=G:\Keystore\client_key
Searching for host...
Connecting to host...
Authenticating...
Unable to use key file "G:\Keystore\client_key" (OpenSSH SSH-2 private key)
Using username "marty".
Disconnected: No supported authentication methods available (server sent: publickey)
Authentication log (see session log for details):
Unable to use key file "G:\Keystore\client_key" (OpenSSH SSH-2 private key)
Using username "marty".

Authentication failed.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Marty wrote:
What kind of certificate and private key format is WinSCP (version 20150710r) expecting?

The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.

For SSH/SFTP, you use private keys, which WinSCP always supported (-privatekey).

You just have to convert the key to .ppk format.

Use PuTTYgen:
https://winscp.net/eng/docs/ui_puttygen
Marty
[View user's profile]

Joined: 2015-07-12
Posts: 4
prikryl wrote:

The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.

I'm trying to make an SFTP connection with a server signed client certificate.
I've already tested it, and it works on Linux with:
sftp -i <client_key> marty@10.0.0.2

The Linux sftp client expects the following naming convention in order for the client to pick up the certificate and its complementary private key:
<client_key> (private key)
<client_key>.pub (public key)
<client_key>-cert.pub (CA signed public key)

How does it work with WinSCP (version 20150710r)?
I expect it will be needing access to the certificate and its private key.
How do I have to supply those?
(BTW The SFTP server only allows authentication with client certificates.)
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Marty wrote:
prikryl wrote:

The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.

I'm trying to make an SFTP connection with a server signed client certificate.
I've already tested it, and it works on Linux with:
sftp -i <client_key> marty@10.0.0.2

The Linux sftp client expects the following naming convention in order for the client to pick up the certificate and its complementary private key:
<client_key> (private key)
<client_key>.pub (public key)
<client_key>-cert.pub (CA signed public key)

How does it work with WinSCP (version 20150710r)?
I expect it will be needing access to the certificate and its private key.
How do I have to supply those?
(BTW The SFTP server only allows authentication with client certificates.)

That's a proprietary extension of OpenSSH server.
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys
WinSCP does not support this.
There are no client certificates in proper SSH.
Marty
[View user's profile]

Joined: 2015-07-12
Posts: 4
prikryl wrote:
prikryl wrote:

The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.

That's a proprietary extension of OpenSSH server.
http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys
WinSCP does not support this.
There are no client certificates in proper SSH.

What a pity. It works like a charm.

I read the following:
http://www.differencebetween.net/technology/difference-between-ssh-and-ssl/ wrote:

SSL means “Secure Sockets Layer”. Many protocols — like HTTP, SMTP, FTP, and SSH ‘“ were adjusted to include the support of SSL. Basically, it works as a tier in a certain protocol to provide cryptographic and security functions.


The combination of certificates and SSH is very powerful. There is no need any more for users to copy their public keys to the server. The Certificate issuer (CA / signer) can make the certificate valid for a limited time period. SSH options can be allowed or disallowed per certificate. It's great.
BCH
[View user's profile]

Joined: 2015-08-19
Posts: 1
Location: France
Hello,

I also am working on a particular use case with a need for client certs on implicit FTPS connections.

If possible, I'd like to test the 5.8 version for our particular case : cert and its key are located either on a smart-card, or a USB dongle.

Thanks a lot !
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
BCH wrote:
If possible, I'd like to test the 5.8 version for our particular case : cert and its key are located either on a smart-card, or a USB dongle.

WinSCP supports file certificates only.
Anyway, I have sent you an email with a development version of WinSCP to address you have used to register on this forum.
ftpuser
[View user's profile]

Joined: 2015-09-18
Posts: 2
Hi Can I have the dev version also as I have a need for this via c#. Thanks
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
ftpuser wrote:
Hi Can I have the dev version also as I have a need for this via c#. Thanks

Sent.
Tom VS
[View user's profile]

Joined: 2015-09-28
Posts: 1
Hi prikryl,

Can you please send me the 5.8 dev version too for the same reason FTPS with certs.

Thanks,
Tom
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Tom VS wrote:
Can you please send me the 5.8 dev version too for the same reason FTPS with certs.

Sent.
ljakobs
[View user's profile]

Joined: 2015-11-12
Posts: 1
Can you please send me the 5.8 dev version too for the same reason FTPS with certs.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24512
Location: Prague, Czechia
Sent.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License