Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: SSL3 alert read: fatal: unknown CA

The error probably refers to your client certificate, not to the server certificate. How did you generate the client certificate? Can you share a new certificate (without any privileges) generated the same way?
Guest

SSL3 alert read: fatal: unknown CA

Hi,
I'm new to WinSCP, trying to automate file copy using FTPS and replacing a FileZilla client I'm using manually right now.
I have the same issue in GUI and script.
Target FTP is a Synology. Error is :
SSL3 alert read: fatal: unknown CA
TLS connect: error in error
Can't establish TLS connection
Can't establish TLS connection
Connection failed.

1/ From GUI
1.png

2 / From PowerShell code it's the same. (I've uploaded the log file)
try
{
    # Load WinSCP .NET assembly
    Add-Type -Path "C:\Scripts\WinSCP-5.17.6-Automation\WinSCPnet.dll"
 
    # Setup session options
    $sessionOptions = New-Object WinSCP.SessionOptions -Property @{
       Protocol = [WinSCP.Protocol]::Ftp
       FtpMode = [WinSCP.FtpMode]::Passive
       HostName = "MyFQDN"
       UserName = "myUserName"
       Password = "Mypassword"
       FtpSecure = [WinSCP.FtpSecure]::Explicit
       TlsClientCertificatePath = "C:\Scripts\certificate.pfx"
       TlsHostCertificateFingerprint = "xx:xx:xx:xx:xx:xx:xx:xx:xx"
       PrivateKeyPassphrase = "xxx"
    }
 
    $session = New-Object WinSCP.Session
 
    try
    {
       $session.SessionLogPath = "C:\Scripts\WinSCP_NET.log"
        # Connect
        $session.Open($sessionOptions)
 
        # Get list of matching files in the directory
        $files =
            $session.EnumerateRemoteFiles(
                $remotePath, $wildcard, [WinSCP.EnumerationOptions]::None)
 
        # Any file matched?
        if ($files.Count -gt 0)
        {
            foreach ($fileInfo in $files)
            {
                Write-Host ("$($fileInfo.Name) with size $($fileInfo.Length), " +
                    "permissions $($fileInfo.FilePermissions) and " +
                    "last modification at $($fileInfo.LastWriteTime)")
            }
        }
        else
        {
            Write-Host "No files matching $wildcard found"
        }
    }
    finally
    {
        # Disconnect, clean up
        $session.Dispose()
    }
 
    exit 0
}
catch
{
    Write-Host "Error: $($_.Exception.Message)"
    exit 1
}

Reference I've checked :
Troubleshooting Connection Issues: https://winscp.net/eng/docs/troubleshooting#connection
https://winscp.net/eng/docs/tls and https://winscp.net/eng/docs/guide_connect

It's seems that I'm missing trusted root CA si i've added Root and intermediate CA certificates to my Synololy and the client server - Both Server certificate and Client certificate are delivered from Public CA.

Result was still the same error message so

3/ I have also tried WINSCP command line
PS C:\Scripts> & "C:\program files (x86)\winscp\winscp.com" /command `"option batch abort`" `"option confirm off`" `"open ftpes://UserName:MySecret@test.mycompany.com -passive=on -certificate='"xx:xx:xx:xx:xx:xx:xx:xx:"' -clientcert="C:\Scripts\cert.pfx" -passphrase="MySecret" -rawsettings FtpForcePasvIp=1 portnumber=21`" `"dir`" `"exit`"

Result is still
La connexion a échouée.
SSL3 alert read: fatal: unknown CA
TLS connect: error in error
Connexion SSL impossible à établir
Déconnecté du serveur
La connexion a échouée.

Thanks for your help