Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: The server's certificate is not known.

I have sent you an email with a development version of WinSCP to address you have used to register on this forum.
PENDRAGON

The server's certificate is not known.

Thanks for the reply.

The certificate I'm using is from trusted root CA - yes.

In other words if I used the same cert on a web site instead of an FTPs site, going to that web page would show as trusted with the lock and the cert ID and all that and wouldn't issue any prompts such as 'not known' - and it would work that way on all platforms not just Windows. The same way you go to any SSL site for a bank or a merchant without being prompted (unless of course the cert was not from a trusted CA or wrong name or expired or something obviously).
martin

Re: The server's certificate is not known.

So what do you want WinSCP to do?
Is the certificate of the public CA stored in the Windows certificate storage?
Or do you expect WinSCP to verify the key online somehow?
PENDRAGON

The server's certificate is not known.

WinSCP version 4.3.6, Windows 7/XP/others

FTP -> SSL Explicit encryption

Server = IIS on Windows 2008R2 server

Question:
I have a certificate on my server through a public CA. When connecting to my server via FTP over SSL, I get the warning box "The server's certificate is not known...". It does show the correct Organization information but this still shows up. The message further states "Summary: Unable to get local issuer certificate. The error occurred at a depth of 2 in the certificate chain.".

Is there a way to configure either WinSCP or the certificate on the server side so that the certificate is accepted without this prompt? I have clients that see that box and it raises a red flag to them as a possible security flaw.

In researching, a site admin for the FileZilla client said that FileZilla will always prompt even when it is a public certificate. I get a very similar message when testing with FileZilla.

Thanks!