Forum » Feature Requests »

SSL certificate support for FTPS

Advertisement

faruxx
Joined:
Posts:
8
Location:
Turkey

SSL certificate support for FTPS

Hi,

Will you add SSL cert support? I can't add our certs for connection.

I can add other FTP client, but I dont want use it. WinSCP is best for me 8)

abcx.JPG

Reply with quote

Advertisement

Advertisement

hniland
Joined:
Posts:
2
Location:
Arnhem, The Netherlands

Re: Thanks

Hi,
I'm busy with the same issue.
Need a Client with Certificate Authentication (and User/Password) on a FTPS connection.
Could I get a version with these options available please?

Thanks
Henk Niland

Reply with quote

hniland
Joined:
Posts:
2
Location:
Arnhem, The Netherlands

Re: Thanks

Hi, thanks
although I haven't received it yet.
If you've sent the program itself rather then a link, it is probably halted by our security scanner on the mail.
It will take some time to get it released, so I can use it.
As soon as I've got it, I will let you know if it works alright.
Greetings,
Henk.

Reply with quote

Advertisement

yayitza
Joined:
Posts:
1

Cert authentication

Hi,

Can I get a this too? I need to connect to an FTP that requires certificate authentication.

thanks!

Reply with quote

clemensh
Joined:
Posts:
6

Re: Cert authentication

Hi,

can you send it to me, too? Would be great!
By the way, when is release date für 5.8?

Thank you very much!
ch

Reply with quote

Advertisement

johnasd@hotmail.com
Joined:
Posts:
1

SSL certificate support for FTPS

Hi
I am very interested in testing the FTPS certificate functionality.
Would it be possible to receive a link to the development version?

Thanks!
John

Reply with quote

TheDoctor
Joined:
Posts:
1

Request for Version with FTPS Client Certificate Support

May I please get the development version with client certificate support for FTPS as well?

Thanks a lot!

Reply with quote

johnasd
Guest

SSL certificate support for FTPS

Thank you!
One question, what would the command switch to specify the certificate file and passphrase?

Reply with quote

Advertisement

JMisset
Joined:
Posts:
3

Hi,

Could you also give me a link to the development version? I would also very much like to try this feature.

Thanks in advance!
Jasper

Reply with quote

JAllison
Joined:
Posts:
1
Location:
Troy, MI

A vendor of ours is requiring certificate authentication. Would it be possible to send me a link to the development version to test out? Thanks so much if you can!

Reply with quote

Advertisement

JMisset

Thanks! Enjoying it so far :)! Nice work.

Just one question.. Every time I set up a connection it asks me for the client certificate password. Is there a way to make WinSCP remember it?

Reply with quote

Advertisement

martin
Site Admin
martin avatar

@JMisset: Why? The point of the passphrase is to have the key protected. Yet, you are willing to have WinSCP remember the password, effectively breaking this. What's the difference?

Reply with quote

Marty
Joined:
Posts:
4

test certificate authentication

I'd also like to test certificate authentication. Could you send me a portable 5.8 dev build as well, please? (or point me to a location where I can download it myself)?

Reply with quote

Advertisement

Advertisement

Marty
Joined:
Posts:
4

What kind of certificate and private key format is WinSCP execting?

What kind of certificate and private key format is WinSCP (version 20150710r) expecting?

When I try it with OpenSSH generated keys, I get the following: 
winscp> open sftp://marty@10.0.0.2 -clientcert=G:\Keystore\client_key-cert.pub -privatekey=G:\Keystore\client_key
Searching for host...
Connecting to host...
Authenticating...
Unable to use key file "G:\Keystore\client_key" (OpenSSH SSH-2 private key)
Using username "marty".
Disconnected: No supported authentication methods available (server sent: publickey)
Authentication log (see session log for details):
Unable to use key file "G:\Keystore\client_key" (OpenSSH SSH-2 private key)
Using username "marty".

Authentication failed.

Reply with quote

Advertisement

Marty
Joined:
Posts:
4

Re: What kind of certificate and private key format is WinSCP execting?

martin wrote:

The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.
I'm trying to make an SFTP connection with a server signed client certificate.
I've already tested it, and it works on Linux with: 
sftp -i <client_key> marty@10.0.0.2
The Linux sftp client expects the following naming convention in order for the client to pick up the certificate and its complementary private key:
<client_key> (private key)
<client_key>.pub (public key)
<client_key>-cert.pub (CA signed public key)

How does it work with WinSCP (version 20150710r)?
I expect it will be needing access to the certificate and its private key.
How do I have to supply those?
(BTW The SFTP server only allows authentication with client certificates.)

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,440
Location:
Prague, Czechia

Re: What kind of certificate and private key format is WinSCP execting?

@Marty: That's a proprietary extension of OpenSSH server.
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
WinSCP does not support this.
There are no client certificates in proper SSH.
Edit 2024: It's supported now:
Issue 1873 – Support for OpenSSH certificates for user authentication

Reply with quote

Marty
Joined:
Posts:
4

Re: What kind of certificate and private key format is WinSCP execting?

@martin: What a pity. It works like a charm.

I read the following:
Difference between SSH and SSL | Difference Between | Difference between SSH vs SSL
SSL means “Secure Sockets Layer”. Many protocols — like HTTP, SMTP, FTP, and SSH ‘“ were adjusted to include the support of SSL. Basically, it works as a tier in a certain protocol to provide cryptographic and security functions.
The combination of certificates and SSH is very powerful. There is no need any more for users to copy their public keys to the server. The Certificate issuer (CA / signer) can make the certificate valid for a limited time period. SSH options can be allowed or disallowed per certificate. It's great.

Reply with quote

BCH
Joined:
Posts:
1
Location:
France

Hello,
I also am working on a particular use case with a need for client certs on implicit FTPS connections.

If possible, I'd like to test the 5.8 version for our particular case: cert and its key are located either on a smart-card, or a USB dongle.

Thanks a lot!

Reply with quote

Advertisement

martin
Site Admin
martin avatar

@BCH: WinSCP supports file certificates only.
Anyway, I have sent you an email with a development version of WinSCP to address you have used to register on this forum.

Reply with quote

Tom VS
Joined:
Posts:
1

Pls send dev version.

Hi prikryl,

Can you please send me the 5.8 dev version too for the same reason FTPS with certs.

Thanks,
Tom

Reply with quote

Advertisement

Advertisement

You can post new topics in this forum

Documentation

Support

Associations

Follow Us