Topic "Error Decoding Certificate when trying to setup a FTPS (Explicit) Connection"

Author Message
richardmft
[View user's profile]

Joined: 2016-09-08
Posts: 2
Location: UK
Hi,

I'm trying to setup a WinSCP connection to a remote FTPS server using Client Certificates for authentication using the GUI in commander mode.

The Client Certificate is Passphrase protected

When I try to connect, A windows is opened entitled "Client Certifcate Pass Phrase <SiteName>" and it prompts me to enter the passphrase.

I enter the passpharse but it throws and error:

"Error Decoding Certificate"

The pass phrase is correct as I can successfully use the certificate in SmartFTP and also import it into the windows certificate manager.

I have tried manually typing the password and cut+paste but both fail.

The key is in *.PKS format.

the pass phrase is 16 characters long and consists of Upper and lowercase alpha characters and also contains special chars ($, £)

Session log:
. 2016-09-06 12:29:30.895 --------------------------------------------------------------------------
. 2016-09-06 12:29:30.895 WinSCP Version 5.9.1 (Build 6885) (OS 6.3.9600 - Windows Server 2012 R2 Datacenter)
. 2016-09-06 12:29:30.895 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\
. 2016-09-06 12:29:30.895 Log level: Debug 1
. 2016-09-06 12:29:30.895 Local account: AZRWESLGGSPROXY\Richard.Joy
. 2016-09-06 12:29:30.895 Working directory: C:\Program Files (x86)\WinSCP
. 2016-09-06 12:29:30.895 Process ID: 3088
. 2016-09-06 12:29:30.895 Command-line: "C:\Program Files (x86)\WinSCP\WinSCP.exe"
. 2016-09-06 12:29:30.895 Time zone: Current: GMT+1, Standard: GMT+0 (GMT Standard Time), DST: GMT+1 (GMT Daylight Time), DST Start: 3/27/2016, DST End: 10/30/2016
. 2016-09-06 12:29:30.895 Login time: Tuesday, September 6, 2016 12:29:30 PM
. 2016-09-06 12:29:30.895 --------------------------------------------------------------------------
. 2016-09-06 12:29:30.895 Session name: ##### (Site)
. 2016-09-06 12:29:30.895 Host name: ################# (Port: 21)
. 2016-09-06 12:29:30.895 User name: anonymous (Password: Yes, Key file: No)
. 2016-09-06 12:29:30.895 Transfer Protocol: FTP
. 2016-09-06 12:29:30.895 Ping type: Dummy, Ping interval: 30 sec; Timeout: 15 sec
. 2016-09-06 12:29:30.895 Disable Nagle: No
. 2016-09-06 12:29:30.895 Proxy: None
. 2016-09-06 12:29:30.895 Send buffer: 262144
. 2016-09-06 12:29:30.895 UTF: Auto
. 2016-09-06 12:29:30.895 FTPS: Explicit TLS/SSL [Client certificate: Yes]
. 2016-09-06 12:29:30.895 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto
. 2016-09-06 12:29:30.895 Session reuse: Yes
. 2016-09-06 12:29:30.895 TLS/SSL versions: SSLv3-TLSv1.2
. 2016-09-06 12:29:30.895 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2016-09-06 12:29:30.895 Cache directory changes: Yes, Permanent: Yes
. 2016-09-06 12:29:30.895 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2016-09-06 12:29:30.895 Timezone offset: 0h 0m
. 2016-09-06 12:29:30.895 --------------------------------------------------------------------------
. 2016-09-06 12:29:30.895 Certificate is encrypted, need passphrase
* 2016-09-06 12:30:27.490 (ESshFatal)

Software and OS version:

WinSCP Version 5.9.1 (Build 6885)
Windows Server 2012 R2 Datacenter

I would be grateful if you could advise on what could be causing this issue.

Thanks,
Richard
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Thanks for your report. Can you generate a new certificate with the same format, and try if it has the same problem? If it does, can you share the certificate with us for testing?
richardmft
[View user's profile]

Joined: 2016-09-08
Posts: 2
Location: UK
Hi Martin,

Many thanks for your reply.

I have done a bit more testing and the problem appears to be the password on the certificate in question as other certs in the same format work in winscp when setting up connections to the same FTPS server. When I delibratly entered the wrong password on a working certificate it produced the same error as the problem cert so I figured that it was something password related.

As a test I tried changing the password on the certificate that wouldn't import. I did this by importing the cert into Windows certmgr as an exportable cert, and then re-exporting it setting a new password, same length but without special characters. I tried the connection again and it worked.

Could it be that Winscp is interpreting the password with special characters incorrectly?

I'm happy with my workaround for now, but if you would still like me to send you the example cert I could do so.

Thanks,
Richard
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
Yes, please post an example certificate.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 24530
Location: Prague, Czechia
This issue has been added to the tracker:
https://winscp.net/tracker/show_bug.cgi?id=1461
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License