Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)


Topic review


Re: cannot add private key for FTPS

@needing help: Are you @CryptoBoy or someone else? As I've stated above, you cannot use PuTTYgen to generate certificates for FTPS. That does not work, and never did. If you need our help, we need much more information (see my previous post).
needing help

cannot add private key for FTPS

I created a pub/priv key pair a few months ago and when I attempted another one it fails adding the private key. The keys were created with Putty as before that worked.

Cannot read certificate - path to the file.
error:1E08010C:DECODER routines::unsupported

Re: FTP SSL/TLS Client Certificate - Nothing Works

Can you please be more specific?
What certificate format was working in previous versions of WinSCP and is not working now?
Note that PuTTYgen is for generating SSH keys, not TLS certificates. Same for OpenSSH tools. SSH and TLS are not comparable nor compatible.
Can you share an example certificate that does not work with WinSCP, but works with other clients (and which are those)?

FTP SSL/TLS Client Certificate - Nothing Works

Latest version. We've tried every kind of key/certificate and nothing works with WinSCP. We've tried private/public (PEM), private/certificate (PEM), OpenSSH, non-OpenSSH, PuTTYgen, Keystore Explorer, Java. The only thing we could get to work was a very old expired certificate (in private key / certificate PEM format). Nothing new works. WinSCP either doesn't accept the file at all or you get disconnected from the server with "SSL3 alert read: fatal certificate unknown". Our keys and certs work with other clients to the same server. Even the bundled PuTTYgen does not generate files that WinSCP can use.

I think WinSCP is not handling SSL certificates correctly. You need to use standard X.509 certificates, in standard file formats, and WinSCP should not require that they be signed. That's up to the server. And you need to be able to enter a password/passphrase for some files formats. And SSL/TLS requires that you have both your private key and your public certificate to encrypt. WinSCP has no place to specify a private key!

It was working in previous versions.