Thanks for your suggestion. Will consider this.

-certificate switch did the trick - https://winscp.net/eng/docs/scriptcommand_open#certificate.

open ftps://user:password@hostName:21 -explicit -certificate="xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"

Martin, I am using WinSCP for FTPS against a mainframe and as per https://winscp.net/forum/viewtopic.php?t=24203 post /ini=nul helped with disabling the directory caching feature. All works good when my machine has internet access but when I run on some servers behind a firewall, WinSCP can't check the CRL and gives me "Continue connecting and store the certificate?" prompt. I can say "Yes" to the prompt and it works fine. Given that I am using /ini=nul, it can't save the cert info, so I get prompted every time and can't automate my scripts.

So looks like /ini=winscp.ini (https://winscp.net/forum/viewtopic.php?t=6924) solution won't work for me as I am disabling caching with /ini=nul. My expectation about CRL is similar to this https://winscp.net/forum/viewtopic.php?t=24120.

I have done some research and it seems that CRL checking is an application level responsibility, so this is why I suppose WinSCP is doing it and this behavior can't be altered via any server level setting. Some people talk about IE setting, but I can't see that impacting how WinSCP checks for CRL.

In my case, if I am able to disable CRL checking and keep using /ini=nul, that would be perfect, but as this might not be possible, is there any way to use /ini=winscp.ini and then disable directory caching and keep the certificate caching part?

Thanks