Peer Certificate rejected

Advertisement

sangeethu
Joined:
Posts:
4
Location:
Detroit

Peer Certificate rejected

I have used winscp dll to connect to sftp test server. But I received Connection failed -> Peer Certificate rejected error.
Please help
SessionOptions sessionOptions = new SessionOptions {
Protocol = Protocol.Ftp,
HostName = "ftp.secureftp-test.com",
UserName = "test",
Password = "test",
PortNumber=990,
FtpSecure=FtpSecure.Implicit,

};

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: Peer Certificate rejected

Are you able to connect from WinSCP GUI?
Please post a session log file (Session.SessionLogPath).

Reply with quote

sangeethu
Joined:
Posts:
4
Location:
Detroit

Re: Peer Certificate rejected

. 2012-06-07 11:34:25.592 --------------------------------------------------------------------------
. 2012-06-07 11:34:25.624 WinSCP Version 5.0.7 (Build 2268) (OS 5.1.2600 Service Pack 3)
. 2012-06-07 11:34:25.624 Configuration: null
. 2012-06-07 11:34:25.639 Local account:test\est
. 2012-06-07 11:34:25.639 Login time: Thursday, June 07, 2012 11:34:25 AM
. 2012-06-07 11:34:25.639 --------------------------------------------------------------------------
. 2012-06-07 11:34:25.639 Session name: test@ftp.secureftp-test.com (Ad-Hoc session)
. 2012-06-07 11:34:25.639 Host name: ftp.secureftp-test.com (Port: 990)
. 2012-06-07 11:34:25.639 User name: test (Password: Yes, Key file: No)
. 2012-06-07 11:34:25.639 Tunnel: No
. 2012-06-07 11:34:25.639 Transfer Protocol: FTP
. 2012-06-07 11:34:25.639 Ping type: C, Ping interval: 30 sec; Timeout: 15 sec
. 2012-06-07 11:34:25.639 Proxy: none
. 2012-06-07 11:34:25.639 FTP: FTPS: Implicit SSL/TLS; Passive: Yes [Force IP: No]
. 2012-06-07 11:34:25.639 Local directory: default, Remote directory: home, Update: Yes, Cache: Yes
. 2012-06-07 11:34:25.639 Cache directory changes: Yes, Permanent: Yes
. 2012-06-07 11:34:25.639 DST mode: 1
. 2012-06-07 11:34:25.639 --------------------------------------------------------------------------
. 2012-06-07 11:34:26.046 Connecting to ftp.secureftp-test.com:990 ...
. 2012-06-07 11:34:26.186 Connected with ftp.secureftp-test.com:990, negotiating SSL connection...
. 2012-06-07 11:34:26.452 Asking user:
. 2012-06-07 11:34:26.452 The server's certificate is not known. You have no guarantee that the server is the computer you think it is. Server's certificate details follow:
. 2012-06-07 11:34:26.452
. 2012-06-07 11:34:26.452 Issuer:
. 2012-06-07 11:34:26.452 - Organization: Chilkat Software, Inc., Secure FTP Test, secureftp-test.com, admin@chilkatsoft.com
. 2012-06-07 11:34:26.452 - Location: US, Illinois, Wheaton
. 2012-06-07 11:34:26.452
. 2012-06-07 11:34:26.452 Subject:
. 2012-06-07 11:34:26.452 - Organization: Chilkat Software, Inc., Secure FTP Test, secureftp-test.com, admin@chilkatsoft.com
. 2012-06-07 11:34:26.452 - Location: US, Illinois, Wheaton
. 2012-06-07 11:34:26.452
. 2012-06-07 11:34:26.452 Valid: 6/20/2011 4:05:00 PM - 6/19/2012 4:05:00 PM
. 2012-06-07 11:34:26.452
. 2012-06-07 11:34:26.452 Fingerprint (SHA1): ca:1f:10:c9:ec:33:cd:4c:1d:de:a2:93:54:02:5a:a5:c9:78:16:8e
. 2012-06-07 11:34:26.452
. 2012-06-07 11:34:26.452 Summary: Self signed certificate. The error occured at a depth of 1 in the certificate chain.
. 2012-06-07 11:34:26.452
. 2012-06-07 11:34:26.452 If you trust this certificate, press Yes. To connect without storing certificate, press No. To abandon the connection press Cancel.
. 2012-06-07 11:34:26.452
. 2012-06-07 11:34:26.452 Continue connecting and store the certificate? ()
. 2012-06-07 11:34:26.514 Peer certificate rejected
. 2012-06-07 11:34:26.514 Disconnected from server
. 2012-06-07 11:34:26.546 Connection failed.

Reply with quote

sangeethu
Joined:
Posts:
4
Location:
Detroit

Re: Peer Certificate rejected

Thanks for your reply. I tried setting the SSLCertificate in the SessionOptions Constructor, and now I am facing a different issue


Please let me know how to set FtpForcePasvIp=1 using WINSCP dll.

. 2012-06-08 12:19:54.813 Starting upload of c:\Documents and Settings\Greg.Goeveryware\My Documents\EULA.txt
> 2012-06-08 12:19:54.813 TYPE A
< 2012-06-08 12:19:54.875 200 Type set to A
> 2012-06-08 12:19:54.875 PASV
< 2012-06-08 12:19:54.938 227 Entering Passive Mode (192,168,1,80,78,187)
> 2012-06-08 12:19:54.938 MLSD
< 2012-06-08 12:20:05.907 425 Can't open data connection.
> 2012-06-08 12:20:05.907 SIZE EULA.txt
< 2012-06-08 12:20:05.969 550 File not found
> 2012-06-08 12:20:05.969 MDTM EULA.txt
< 2012-06-08 12:20:06.032 550 File not found
> 2012-06-08 12:20:06.032 TYPE I
< 2012-06-08 12:20:06.094 200 Type set to I
> 2012-06-08 12:20:06.094 PASV
< 2012-06-08 12:20:06.157 227 Entering Passive Mode (192,168,1,80,78,188)
> 2012-06-08 12:20:06.157 STOR EULA.txt
< 2012-06-08 12:20:17.063 425 Can't open data connection.
. 2012-06-08 12:20:17.063 Copying files to remote side failed.
* 2012-06-08 12:20:17.063 (ExtException) Copying files to remote side failed.
* 2012-06-08 12:20:17.063 Can't open data connection.
. 2012-06-08 12:20:17.063 Asking user:
. 2012-06-08 12:20:17.063 Error transferring file 'c:\Documents and Settings\Greg.Goeveryware\My Documents\EULA.txt'. ("Copying files to remote side failed.","Can't open data connection.")
* 2012-06-08 12:20:17.063 (EScpSkipFile) Error transferring file 'c:\Documents and Settings\Greg.Goeveryware\My Documents\EULA.txt'.
* 2012-06-08 12:20:17.063 Copying files to remote side failed.
* 2012-06-08 12:20:17.063 Can't open data connection.
. 2012-06-08 12:20:17.063 Script: Failed
> 2012-06-08 12:20:17.204 Script: exit
. 2012-06-08 12:20:17.204 Disconnected from server

Reply with quote

sangeethu
Joined:
Posts:
4
Location:
Detroit

Re: Peer Certificate rejected

Thanks a lot Martin. Is there any way I can obtain SSL Certificate automatically from FTPS Connection, instead of assigning it specifically in SessionOptions Constructor.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: Peer Certificate rejected

Following FAQ is about SSH host key, but it actually applies to SSL certificate to. Basically you do not want do this!
https://winscp.net/eng/docs/faq_hostkey
With SSL certificate, you have an additional option, to back up the certificate by certificte authority.

Reply with quote

Advertisement

You can post new topics in this forum