The server's certificate is not known.

Advertisement

PENDRAGON
Joined:
Posts:
2

The server's certificate is not known.

WinSCP version 4.3.6, Windows 7/XP/others

FTP -> SSL Explicit encryption

Server = IIS on Windows 2008R2 server

Question:
I have a certificate on my server through a public CA. When connecting to my server via FTP over SSL, I get the warning box "The server's certificate is not known...". It does show the correct Organization information but this still shows up. The message further states "Summary: Unable to get local issuer certificate. The error occurred at a depth of 2 in the certificate chain.".

Is there a way to configure either WinSCP or the certificate on the server side so that the certificate is accepted without this prompt? I have clients that see that box and it raises a red flag to them as a possible security flaw.

In researching, a site admin for the FileZilla client said that FileZilla will always prompt even when it is a public certificate. I get a very similar message when testing with FileZilla.

Thanks!

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: The server's certificate is not known.

So what do you want WinSCP to do?
Is the certificate of the public CA stored in the Windows certificate storage?
Or do you expect WinSCP to verify the key online somehow?

Reply with quote

PENDRAGON
Joined:
Posts:
2

The server's certificate is not known.

Thanks for the reply.

The certificate I'm using is from trusted root CA - yes.

In other words if I used the same cert on a web site instead of an FTPs site, going to that web page would show as trusted with the lock and the cert ID and all that and wouldn't issue any prompts such as 'not known' - and it would work that way on all platforms not just Windows. The same way you go to any SSL site for a bank or a merchant without being prompted (unless of course the cert was not from a trusted CA or wrong name or expired or something obviously).

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: The server's certificate is not known.

I have sent you an email with a development version of WinSCP to address you have used to register on this forum.

Reply with quote

Advertisement

You can post new topics in this forum