The server's certificate is not known.

WinSCP version 4.3.6, Windows 7/XP/others

FTP -> SSL Explicit encryption

Server = IIS on Windows 2008R2 server

Question:
I have a certificate on my server through a public CA. When connecting to my server via FTP over SSL, I get the warning box "The server's certificate is not known...". It does show the correct Organization information but this still shows up. The message further states "Summary: Unable to get local issuer certificate. The error occurred at a depth of 2 in the certificate chain.".

Is there a way to configure either WinSCP or the certificate on the server side so that the certificate is accepted without this prompt? I have clients that see that box and it raises a red flag to them as a possible security flaw.

In researching, a site admin for the FileZilla client said that FileZilla will always prompt even when it is a public certificate. I get a very similar message when testing with FileZilla.

Thanks!

So what do you want WinSCP to do?
Is the certificate of the public CA stored in the Windows certificate storage?
Or do you expect WinSCP to verify the key online somehow?

Thanks for the reply.

The certificate I'm using is from trusted root CA - yes.

In other words if I used the same cert on a web site instead of an FTPs site, going to that web page would show as trusted with the lock and the cert ID and all that and wouldn't issue any prompts such as 'not known' - and it would work that way on all platforms not just Windows. The same way you go to any SSL site for a bank or a merchant without being prompted (unless of course the cert was not from a trusted CA or wrong name or expired or something obviously).

This request has been added to the tracker:
https://winscp.net/tracker/1063

I have sent you an email with a development version of WinSCP to address you have used to register on this forum.