Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

Re: Update

2018-03-09

scott.franklin wrote:

Quick update on this situation: it's now my understanding that this client certificate must contain my private key.

Yes for sure. A file that contains only "BEGIN CERTIFICATE..." is not enough.

but where does WinSCP pull their public key from to encrypt data sent to them? windows cert registry?

It's retrieved directly from the server. You do not have to have it upfront. Of course, only as long as their certificate is signed by a trusted authority. If that's not the case, you have to import the certificate to Windows certificate store. Otherwise WinSCP will show you a warning about an untrusted certificate and you can choose to confirm that you trust it nevertheless.

scott.franklin

Update

2018-03-07 20:41

Quick update on this situation: it's now my understanding that this client certificate must contain my private key.

but where does WinSCP pull their public key from to encrypt data sent to them? windows cert registry?

regards,

scott.franklin

Trouble Debugging FTPS Connection -- error:0906D06C:PEM routines:PEM_read_bio:no start line

2018-03-07 18:14

Hello, I come to this forum in my darkest hour in search of assistance. Full disclosure: I've never used FTPS; all previous clients are happy to share via SFTP. This client is not.
They have provided me with necessary server details, username/password (they require dual authentication with cert first, then username/password) and both SSL cert and server cert. These certs are provided as .cer's and contain only the cert/public key within them, with the format "----BEGIN CERTIFICATE----....<cert-info>.....----END CERTIFICATE----"

It's my understanding that this format is actually the .pem format (which is required by WinSCP) so renaming and using their provided SSL cert should work fine.

However, when supply either certificate in the "Client Certificate File" returns the error, "error:0906D06C:PEM routines:PEM_read_bio:no start line". I have tried changing format to UTF-8, UTF-8 BOM, and ANSI but the error persists.

What am I missing? Did my client provide bad certs perhaps? Thank you for all your help and excuse my ignorance on this subject. Most information out there boils down to "just use SFTP!" which isn't helpful.

Post a reply

Topic review

Re: Update

Update

Trouble Debugging FTPS Connection -- error:0906D06C:PEM routines:PEM_read_bio:no start line

Documentation

Support

Associations

Follow Us