Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: Update

scott.franklin wrote:

Quick update on this situation: it's now my understanding that this client certificate must contain my private key.

Yes for sure. A file that contains only "BEGIN CERTIFICATE..." is not enough.

but where does WinSCP pull their public key from to encrypt data sent to them? windows cert registry?

It's retrieved directly from the server. You do not have to have it upfront. Of course, only as long as their certificate is signed by a trusted authority. If that's not the case, you have to import the certificate to Windows certificate store. Otherwise WinSCP will show you a warning about an untrusted certificate and you can choose to confirm that you trust it nevertheless.
scott.franklin

Update

Quick update on this situation: it's now my understanding that this client certificate must contain my private key.

but where does WinSCP pull their public key from to encrypt data sent to them? windows cert registry?

regards,
scott.franklin

Trouble Debugging FTPS Connection -- error:0906D06C:PEM routines:PEM_read_bio:no start line

Hello, I come to this forum in my darkest hour in search of assistance. Full disclosure: I've never used FTPS; all previous clients are happy to share via SFTP. This client is not.
They have provided me with necessary server details, username/password (they require dual authentication with cert first, then username/password) and both SSL cert and server cert. These certs are provided as .cer's and contain only the cert/public key within them, with the format "----BEGIN CERTIFICATE----....<cert-info>.....----END CERTIFICATE----"

It's my understanding that this format is actually the .pem format (which is required by WinSCP) so renaming and using their provided SSL cert should work fine.

However, when supply either certificate in the "Client Certificate File" returns the error, "error:0906D06C:PEM routines:PEM_read_bio:no start line". I have tried changing format to UTF-8, UTF-8 BOM, and ANSI but the error persists.

What am I missing? Did my client provide bad certs perhaps? Thank you for all your help and excuse my ignorance on this subject. Most information out there boils down to "just use SFTP!" which isn't helpful.