Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: The server’s host key does not match the one WinSCP has in cache, multiple host keys used for lo

It's indeed a similar situation, but you are actually the first one have this problem. So a support for multiple TLS/SSL certificates was never implemented (contrary to multiple SSH host keys).
memaxon

Re: The server’s host key does not match the one WinSCP has in cache, multiple host keys used for lo

No, I don't have any old log files from our previous release. Since we never had any issues I don't think I ever even knowingly logged anything. So, because we're using FTP, not SFTP, what is getting updated in the WinSCP.ini file is the certificate not the fingerprint? And there's no way to check multiple certificates? My assumption is that it's a similar situation where there are four target servers behind a load balancer and depending on the moment you could get any one of them. I've seen one of the 4 below at different times. I'll check with the vendor to see if that's changed recently.

upload.perfectcompliance.com:990:tls=a9:c2:55:20:d3:49:74:e3:3a:2c:84:16:fa:ad:63:a1:2a:cd:08:a4
upload.perfectcompliance.com:990:tls=12:ad:a0:f5:40:fa:f1:e5:67:f9:7a:35:ea:17:44:27:c4:6d:2b:97
upload.perfectcompliance.com:990:tls=a3:5a:07:27:c6:43:72:4a:e4:28:69:af:83:18:af:22:eb:fa:34:17
upload.perfectcompliance.com:990:tls=a6:ae:f0:eb:b4:fa:56:f3:78:df:6d:22:2f:25:56:aa:59:0d:1a:f6
martin

Re: The server’s host key does not match the one WinSCP has in cache, multiple host keys used for load b

Note that the message says "server's certificate", not "host key". "host keys" are for SFTP/SSH, not FTP.

WinSCP does not support multiple certificates for a single hostname.

I cannot imagine how it could have worked in 5.5.2. Do you have a log file from that version?
memaxon

The server’s host key does not match the one WinSCP has in cache, multiple host keys used for load b

I'm using WinSCP 5.11.03 to FTP a file to a vendor site using the FTP file protocol. We just upgraded from 5.5.2 (Build 4130). I am using the same WinSCP.ini file I have been using for years. I get "The server’s host key does not match the one WinSCP has in cache". After a few times it will eventually work when it hits the target host whose fingerprint is in the WinSCP.ini file. I read the solution about multiple fingerprints in the WinSCP.ini and attempted to try that using the command line as outlined in the solution but I don't get an option to "Add", only "Yes", "No", "Cancel". "Copy Key" options are available. I tried adding the fingerprint manually to the WinSCP.ini file using a semi-colon between fingerprints as suggested but it doesn't seem to work.