SSL certificate support for FTPS

Advertisement

faruxx
Joined:
Posts:
8
Location:
Turkey

SSL certificate support for FTPS

Hi,

Will you add ssl cert support? I can't add our certs for connection.

I can add other ftp client, but i dont want use it. winscp is best for me 8)

abcx.JPG

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: Thanks

I have sent you an email.
_________________
Martin Prikryl

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: Thanks

I have sent you an email with a development version for testing.

Reply with quote

Advertisement

hniland
Joined:
Posts:
2
Location:
Arnhem, The Netherlands

Re: Thanks

martin wrote:

I have sent you an email with a development version for testing.

Hi,
I'm busy with the same issue.
Need a Client with Certificate Authentication (and User/Password) on a FTPS connection.
Could I get a version with these options available please?

Thank,s
Henk Niland

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: Thanks

hniland wrote:

Need a Client with Certificate Authentication (and User/Password) on a FTPS connection.
Could I get a version with these options available please?
Sent. I appreciate any feedback.
_________________
Martin Prikryl

Reply with quote

hniland
Joined:
Posts:
2
Location:
Arnhem, The Netherlands

Re: Thanks

martin wrote:

hniland wrote:

Need a Client with Certificate Authentication (and User/Password) on a FTPS connection.
Could I get a version with these options available please?
Sent. I appreciate any feedback.

Hi, thank's
allthough I haven't recieved it yet.
If you've sent the program itself rather then a link, it is probably halted by our security scanner on the mail.
It will take some time to get it released, so I can use it.
As soon as I've got it, I will let you know if it works allright.
Greetings,
Henk.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: Thanks

It's just a link. I've resent it. Maybe you get this time.
_________________
Martin Prikryl

Reply with quote

yayitza
Joined:
Posts:
1

Cert authentication

Hi,

Can I get a this too? I need to connect to an FTP that requires certificate authentication.

thanks!

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: Cert authentication

yayitza wrote:

Can I get a this too? I need to connect to an FTP that requires certificate authentication.
Sent.
_________________
Martin Prikryl

Reply with quote

clemensh
Joined:
Posts:
6

Re: Cert authentication

Hi,

can you send it to me, too? Would be great!
By the way, when is release date für 5.8?

Thank you very much!

ch

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: Cert authentication

clemensh wrote:

can you send it to me, too? Would be great!
By the way, when is release date für 5.8?
Sent.
We do not give any dates. But it won't be soon.

Reply with quote

johnasd@hotmail.com
Joined:
Posts:
1

SSL certificate support for FTPS

Hi
I am very interested in testing the FTPS certificate functionality.
Would it be possible to receive a link to the development version?

Thanks!
John

Reply with quote

TheDoctor
Joined:
Posts:
1

Request for Version with FTPS Client Certificate Support

May I please get the development version with client certificate support for FTPS as well?

Thanks a lot!

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: SSL certificate support for FTPS

Sent to both of you.

Reply with quote

Advertisement

johnasd
Guest

SSL certificate support for FTPS

Thank you!
One question, what would the command switch to specify the certificate file and passphrase?

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: SSL certificate support for FTPS

See help open.
It's -clientcert and -passphrase.
Though in your build it was -clientcertificate.
I'm sending you the latest build that will match a future production version.

Reply with quote

JMisset
Joined:
Posts:
3

Hi,

Could you also give me a link to the development version? I would also very much like to try this feature.

THanks in advance!

Jasper

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

JMisset wrote:

Could you also give me a link to the development version? I would also very much like to try this feature.
Sent.

Reply with quote

Advertisement

JAllison
Joined:
Posts:
1
Location:
Troy, MI

martin wrote:

JMisset wrote:

Could you also give me a link to the development version? I would also very much like to try this feature.
Sent.

A vendor of ours is requiring certificate authentication. Would it be possible to send me a link to the development version to test out? Thanks so much if you can!

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

JAllison wrote:

A vendor of ours is requiring certificate authentication. Would it be possible to send me a link to the development version to test out? Thanks so much if you can!
Sent.

Reply with quote

clemensh
Joined:
Posts:
6

Re: SSL certificate support for FTPS

martin wrote:

See help open.
It's -clientcert and -passphrase.
Though in your build it was -clientcertificate.
I'm sending you the latest build that will match a future production version.

Can you please send me this version, too? I will need the correct console commands in future. Thanks!

Reply with quote

JMisset
Joined:
Posts:
3

martin wrote:

JMisset wrote:

Could you also give me a link to the development version? I would also very much like to try this feature.
Sent.

Thanks! Enjoying it so far :)! Nice work.

Just one question.. Every time I set up a connection it asks me for the client certificate password. Is there a way to make WinSCP remember it?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: SSL certificate support for FTPS

clemensh wrote:

Can you please send me this version, too? I will need the correct console commands in future. Thanks!
Sent.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

JMisset wrote:

Thanks! Enjoying it so far :)! Nice work.

Just one question.. Every time I set up a connection it asks me for the client certificate password. Is there a way to make WinSCP remember it?
Did you consider saving the certificate without passphrase?

Reply with quote

JMisset
Joined:
Posts:
3

martin wrote:

JMisset wrote:

Thanks! Enjoying it so far :)! Nice work.

Just one question.. Every time I set up a connection it asks me for the client certificate password. Is there a way to make WinSCP remember it?
Did you consider saving the certificate without passphrase?

Do you mean removing the passphrase from the certificate? Im afraid that this is not an option for me..

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

JMisset wrote:

Do you mean removing the passphrase from the certificate? Im afraid that this is not an option for me..
Why? The point of the passphrase is to have the key protected. Yet, you are willing to have WinSCP remember the password, effectively breaking this. What's the difference?

Reply with quote

Advertisement

Marty
Joined:
Posts:
4

test certificate authentication

I'd also like to test certificate authentication. Could you send me a portable 5.8 dev build as well, please? (or point me to a location where I can download it myself)?

Reply with quote

rlstreet
Joined:
Posts:
1
Location:
The Netherlands

Re: test certificate authentication

martin wrote:

Sent.

Could you also give me a link to the development version?

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

jdantzler wrote:

I'd like to test it out too if possible? Thanks.
Sent.

Reply with quote

Marty
Joined:
Posts:
4

What kind of certificate and private key format is WinSCP execting?

What kind of certificate and private key format is WinSCP (version 20150710r) expecting?

When I try it with openssh generated keys, I get the following:
winscp> open sftp://marty@10.0.0.2 -clientcert=G:\Keystore\client_key-cert.pub -privatekey=G:\Keystore\client_key
Searching for host...
Connecting to host...
Authenticating...
Unable to use key file "G:\Keystore\client_key" (OpenSSH SSH-2 private key)
Using username "marty".
Disconnected: No supported authentication methods available (server sent: publickey)
Authentication log (see session log for details):
Unable to use key file "G:\Keystore\client_key" (OpenSSH SSH-2 private key)
Using username "marty".

Authentication failed.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: What kind of certificate and private key format is WinSCP execting?

Marty wrote:

What kind of certificate and private key format is WinSCP (version 20150710r) expecting?
The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.

For SSH/SFTP, you use private keys, which WinSCP always supported (-privatekey).

You just have to convert the key to .ppk format.

Use PuTTYgen:
https://winscp.net/eng/docs/ui_puttygen

Reply with quote

Marty
Joined:
Posts:
4

Re: What kind of certificate and private key format is WinSCP execting?

martin wrote:


The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.
I'm trying to make an SFTP connection with a server signed client certificate.
I've already tested it, and it works on Linux with:
sftp -i <client_key> marty@10.0.0.2

The Linux sftp client expects the following naming convention in order for the client to pick up the certificate and its complementary private key:
<client_key> (private key)
<client_key>.pub (public key)
<client_key>-cert.pub (CA signed public key)

How does it work with WinSCP (version 20150710r)?
I expect it will be needing access to the certificate and its private key.
How do I have to supply those?
(BTW The SFTP server only allows authentication with client certificates.)

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: What kind of certificate and private key format is WinSCP execting?

Marty wrote:

martin wrote:


The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.
I'm trying to make an SFTP connection with a server signed client certificate.
I've already tested it, and it works on Linux with:
sftp -i <client_key> marty@10.0.0.2

The Linux sftp client expects the following naming convention in order for the client to pick up the certificate and its complementary private key:
<client_key> (private key)
<client_key>.pub (public key)
<client_key>-cert.pub (CA signed public key)

How does it work with WinSCP (version 20150710r)?
I expect it will be needing access to the certificate and its private key.
How do I have to supply those?
(BTW The SFTP server only allows authentication with client certificates.)
That's a proprietary extension of OpenSSH server.
https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys
WinSCP does not support this.
There are no client certificates in proper SSH.

Reply with quote

Marty
Joined:
Posts:
4

Re: What kind of certificate and private key format is WinSCP execting?

martin wrote:

martin wrote:


The client certificates are for TLS/SSL (FTPS, WebDAVS), not for SSH/SFTP.
That's a proprietary extension of OpenSSH server.
https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys
WinSCP does not support this.
There are no client certificates in proper SSH.
What a pity. It works like a charm.

I read the following:

http://www.differencebetween.net/technology/difference-between-ssh-and-ssl/ wrote:


SSL means “Secure Sockets Layer”. Many protocols — like HTTP, SMTP, FTP, and SSH ‘“ were adjusted to include the support of SSL. Basically, it works as a tier in a certain protocol to provide cryptographic and security functions.

The combination of certificates and SSH is very powerful. There is no need any more for users to copy their public keys to the server. The Certificate issuer (CA / signer) can make the certificate valid for a limited time period. SSH options can be allowed or disallowed per certificate. It's great.

Reply with quote

Advertisement

BCH
Joined:
Posts:
1
Location:
France

Hello,

I also am working on a particular use case with a need for client certs on implicit FTPS connections.

If possible, I'd like to test the 5.8 version for our particular case : cert and its key are located either on a smart-card, or a USB dongle.

Thanks a lot !

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

BCH wrote:

If possible, I'd like to test the 5.8 version for our particular case : cert and its key are located either on a smart-card, or a USB dongle.
WinSCP supports file certificates only.
Anyway, I have sent you an email with a development version of WinSCP to address you have used to register on this forum.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

ftpuser wrote:

Hi Can I have the dev version also as I have a need for this via c#. Thanks
Sent.

Reply with quote

Advertisement

Tom VS
Joined:
Posts:
1

Pls send dev version.

Hi prikryl,

Can you please send me the 5.8 dev version too for the same reason FTPS with certs.

Thanks,
Tom

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
28,542
Location:
Prague, Czechia

Re: Pls send dev version.

Tom VS wrote:

Can you please send me the 5.8 dev version too for the same reason FTPS with certs.
Sent.

Reply with quote

Advertisement

You can post new topics in this forum