FTPS connection

Advertisement

mkeshab
Joined:
Posts:
12

FTPS connection

Hi,

I am trying to connect VISA OFD server via WinSCP beta version. I am unable to store client certificate provided by VISA.

Below are the error getting when load the certificate.
error:0906D06C:PEM routines:PEM_read_bio:no start line.
As per visa they are saying we are unable to represent certificate to their server. Kindly help how can I store certificate which in .P7B format and txt and crt.

Reply with quote

Advertisement

mkeshab
Joined:
Posts:
12

Re: FTPS CONNECTION

Hi,

They have provide signed client certificate and ask to change file extension from TXT TO P7B. The File contain contains the signed certificate as well as the intermediate root certificate which we had installed in windows server 2012 R2.

Incoming connection to our server fine mean they are able to connect to our server but we are unable to connect on visa server.
  • nepsftps.local.txt (4.17 KB, Private file)

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
37,201
Location:
Prague, Czechia

Re: FTPS CONNECTION

WinSCP does not support P7B format.
And anyway, your file contains a public key only.
You have to have a private key to authenticate. And I believe that P7B format cannot contain private key at all. It makes it pointless for authentication.
Are you sure that this is a client certificate?

Reply with quote

Advertisement

Guest

Dear Sir,

The have provided signed client certificate and Root CA cert/Intermediate VICA3 SHA-1 and Intermediate VICA3 SHA-2 which we installed in our FTPS server on windows server 2012.

all together they have provided 4 certificate

Regards
Keshab

Reply with quote

mkeshab
Joined:
Posts:
12

Hi,

we have installed all the certificate in Windows Server certificate under personal folder and intermediate folder.

Do I need to define certificate in WinSCP also to represent certificate? Or WinSCP itself ask for connectivity?

Reply with quote

Advertisement

mkeshab
Joined:
Posts:
12

Hi,

private key is save in same FTPS server and we have signed public key provided by remote site.

Do we need to configure both certificate in WINSCP..

I tried to change private key format on mention format but unable to load in winscp..Below are the details provided by remote site.

We are pleased to inform you that VISA has processed your OFD/FTPS Client Certificate Request.

The signed client certificate is attached. Please update the attached file’s extension from TXT to P7B. This file contains the signed certificate as well as the Intermediate and Root certificates.
Serial No.: ‎10 1d 5c 1d e5 08 1a f2 0d a7 09 1a b7 a3 68 59
Subject DN
CN = nepsftps.local
OU = NEPS
O = NEPAL ELECTRONIC PAYMENT SYSTEM
C = NP
S = KATHMANDU
L = NAXAL
Valid From: ‎‎‎ ‎ ‎Monday, ‎February ‎22, ‎2016
Valid Until: ‎‎ ‎ ‎Friday, ‎February ‎22, ‎2019

...
Kindly help which file do we need to mention in winscp.

Appreciate your kind help on this.

Reply with quote

mkeshab
Joined:
Posts:
12

Re: FTPS CONNECTION

Hi,

we have separate private key and public key format. I have attached both private and public for your review. Kindly check below error while loading public certificate under TLS/SSL option. Please advise
error:0906D06C:PEM routines:PEM_read_bio:no start line

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
37,201
Location:
Prague, Czechia

Again, there's nothing attached.

If you have problems attaching the files, please email them to me.

You will find my address in my forum profile (after you login in).

Reply with quote

Advertisement

martin
Site Admin
martin avatar

The file you have forwarded me contains a public key only (the section BEGIN CERTIFICATE ... END CERTIFICATE).

It's also indicated by the .cer extension, which is used for public keys. That's why WinSCP does not show the .cer files when browsing for the client certificate.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
37,201
Location:
Prague, Czechia

I've meant .cer in my previous post (the .crt was a typo, though they are interchangeable).

Again, it's a public key, that's why you cannot load it. You need a private key. Private keys typically have .pfx, .p12, .key or .pem extensions (though some files with these extension may contain a public key only).

Reply with quote

Advertisement

You can post new topics in this forum