FTPS connection

Hi,

I am trying to connect VISA OFD server via WinSCP beta version. I am unable to store client certificate provided by VISA.

Below are the error getting when load the certificate.

error:0906D06C:PEM routines:PEM_read_bio:no start line.

As per visa they are saying we are unable to represent certificate to their server. Kindly help how can I store certificate which in .P7B format and txt and crt.

How does the file look like? Can you post it here? Of course, replace the secret parts.

Hi,

They have provide signed client certificate and ask to change file extension from TXT TO P7B. The File contain contains the signed certificate as well as the intermediate root certificate which we had installed in windows server 2012 R2.

Incoming connection to our server fine mean they are able to connect to our server but we are unable to connect on visa server.

Hi

I have uploaded file type. Request you please check

Regards
Keshab

WinSCP does not support P7B format.
And anyway, your file contains a public key only.
You have to have a private key to authenticate. And I believe that P7B format cannot contain private key at all. It makes it pointless for authentication.
Are you sure that this is a client certificate?

Dear Sir,

The have provided signed client certificate and Root CA cert/Intermediate VICA3 SHA-1 and Intermediate VICA3 SHA-2 which we installed in our FTPS server on windows server 2012.

all together they have provided 4 certificate

Regards
Keshab

So you believe there's a private key in the file you have attached to your post?

Hi,

Please allow me sometime. I will ask VISA about private and public key. Will update you.

Hi,

we have installed all the certificate in Windows Server certificate under personal folder and intermediate folder.

Do I need to define certificate in WinSCP also to represent certificate? Or WinSCP itself ask for connectivity?

WinSCP does not use Windows certificate store for client certificates.

You have to export your private key to one of the supported formats:
https://winscp.net/eng/docs/tls#client_certificate
and configure WinSCP session to use the file.

Hi,

private key is save in same FTPS server and we have signed public key provided by remote site.

Do we need to configure both certificate in WINSCP..

I tried to change private key format on mention format but unable to load in winscp..Below are the details provided by remote site.

We are pleased to inform you that VISA has processed your OFD/FTPS Client Certificate Request.

The signed client certificate is attached. Please update the attached file’s extension from TXT to P7B. This file contains the signed certificate as well as the Intermediate and Root certificates.

Serial No.: ‎10 1d 5c 1d e5 08 1a f2 0d a7 09 1a b7 a3 68 59
Subject DN
CN = nepsftps.local
OU = NEPS
O = NEPAL ELECTRONIC PAYMENT SYSTEM
C = NP
S = KATHMANDU
L = NAXAL
Valid From: ‎‎‎ ‎ ‎Monday, ‎February ‎22, ‎2016
Valid Until: ‎‎ ‎ ‎Friday, ‎February ‎22, ‎2019

...

Kindly help which file do we need to mention in winscp.

Appreciate your kind help on this.

Hi,

we have separate private key and public key format. I have attached both private and public for your review. Kindly check below error while loading public certificate under TLS/SSL option. Please advise

error:0906D06C:PEM routines:PEM_read_bio:no start line

There's nothing attached. Please try again.

private and public key attached for your review.

while represent certificate do we require private key also.. we are unable to load .crt format certificate in winscp and getting same above error.

Again, there's nothing attached.

If you have problems attaching the files, please email them to me.

You will find my address in my forum profile (after you login in).

pleae check email.

The file you have forwarded me contains a public key only (the section BEGIN CERTIFICATE ... END CERTIFICATE).

It's also indicated by the .cer extension, which is used for public keys. That's why WinSCP does not show the .cer files when browsing for the client certificate.

Hi

Please find the attached error shot. we are not able to load certificate .cer format. can you please advise.

I've meant .cer in my previous post (the .crt was a typo, though they are interchangeable).

Again, it's a public key, that's why you cannot load it. You need a private key. Private keys typically have .pfx, .p12, .key or .pem extensions (though some files with these extension may contain a public key only).