@ljakobs: Sent.

Can you please send me the 5.8 dev version too for the same reason FTPS with certs.

@TomVS: Sent.

Hi prikryl,

Can you please send me the 5.8 dev version too for the same reason FTPS with certs.

Thanks,
Tom

@ftpuser: Sent.

Hi Can I have the dev version also as I have a need for this via C#. Thanks

@BCH: WinSCP supports file certificates only.
Anyway, I have sent you an email with a development version of WinSCP to address you have used to register on this forum.

Hello,
I also am working on a particular use case with a need for client certs on implicit FTPS connections.

If possible, I'd like to test the 5.8 version for our particular case: cert and its key are located either on a smart-card, or a USB dongle.

Thanks a lot!

@martin: What a pity. It works like a charm.

I read the following:
Difference between SSH and SSL | Difference Between | Difference between SSH vs SSL

SSL means “Secure Sockets Layer”. Many protocols — like HTTP, SMTP, FTP, and SSH ‘“ were adjusted to include the support of SSL. Basically, it works as a tier in a certain protocol to provide cryptographic and security functions.

The combination of certificates and SSH is very powerful. There is no need any more for users to copy their public keys to the server. The Certificate issuer (CA / signer) can make the certificate valid for a limited time period. SSH options can be allowed or disallowed per certificate. It's great.

@Marty: That's a proprietary extension of OpenSSH server.
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
WinSCP does not support this.
There are no client certificates in proper SSH.

---

Edit 2024: It's supported now:
Issue 1873 – Support for OpenSSH certificates for user authentication

martin wrote:

The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.

I'm trying to make an SFTP connection with a server signed client certificate.
I've already tested it, and it works on Linux with:

The Linux sftp client expects the following naming convention in order for the client to pick up the certificate and its complementary private key:
<client_key> (private key)
<client_key>.pub (public key)
<client_key>-cert.pub (CA signed public key)

How does it work with WinSCP (version 20150710r)?
I expect it will be needing access to the certificate and its private key.
How do I have to supply those?
(BTW The SFTP server only allows authentication with client certificates.)

@Marty: The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.

For SSH/SFTP, you use private keys, which WinSCP always supported (-privatekey).

You just have to convert the key to .ppk format.

Use PuTTYgen:
https://winscp.net/eng/docs/ui_puttygen

What kind of certificate and private key format is WinSCP (version 20150710r) expecting?

When I try it with OpenSSH generated keys, I get the following:

@jdantzler: Sent.

I'd like to test it out too if possible? Thanks.

@ebstc: Sent.

My I have a copy too?

@Marty: Could you also give me a link to the development version?

Sent.

I'd also like to test certificate authentication. Could you send me a portable 5.8 dev build as well, please? (or point me to a location where I can download it myself)?

@JMisset: Why? The point of the passphrase is to have the key protected. Yet, you are willing to have WinSCP remember the password, effectively breaking this. What's the difference?

@martin: Do you mean removing the passphrase from the certificate? I'm afraid that this is not an option for me.

@JMisset: Did you consider saving the certificate without passphrase?

@clemensh: Sent.

Thanks! Enjoying it so far :)! Nice work.

Just one question.. Every time I set up a connection it asks me for the client certificate password. Is there a way to make WinSCP remember it?

Can you please send me this version, too? I will need the correct console commands in future. Thanks!

@JAllison: Sent.

A vendor of ours is requiring certificate authentication. Would it be possible to send me a link to the development version to test out? Thanks so much if you can!

@JMisset: Sent.

Hi,

Could you also give me a link to the development version? I would also very much like to try this feature.

Thanks in advance!
Jasper

See https://winscp.net/eng/docs/scriptcommand_open
It's -clientcert and -passphrase.
I'm sending you the latest build that will match a future production version.

Thank you!
One question, what would the command switch to specify the certificate file and passphrase?

Sent to both of you.

May I please get the development version with client certificate support for FTPS as well?

Thanks a lot!

Hi
I am very interested in testing the FTPS certificate functionality.
Would it be possible to receive a link to the development version?

Thanks!
John

@clemensh: Sent.
We do not give any dates. But it won't be soon.

Hi,

can you send it to me, too? Would be great!
By the way, when is release date für 5.8?

Thank you very much!
ch

@yayitza: Sent.

Hi,

Can I get a this too? I need to connect to an FTP that requires certificate authentication.

thanks!

It's just a link. I've resent it. Maybe you get this time.

Hi, thanks
although I haven't received it yet.
If you've sent the program itself rather then a link, it is probably halted by our security scanner on the mail.
It will take some time to get it released, so I can use it.
As soon as I've got it, I will let you know if it works alright.
Greetings,
Henk.

@hniland: Sent. I appreciate any feedback.

Hi,
I'm busy with the same issue.
Need a Client with Certificate Authentication (and User/Password) on a FTPS connection.
Could I get a version with these options available please?

Thanks
Henk Niland

Sorry for late answer,

İ sent details with mail.

I have sent you an email with a development version for testing.

Thanks very much.

It's a priority for the next release.
Issue 921 – Authentication with TLS/SSL client certificates

Hi,

Will you add SSL cert support? I can't add our certs for connection.

I can add other FTP client, but I dont want use it. WinSCP is best for me 8)