Topic "FTPS CONNECTION"

Author Message
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
Hi,

I am trying to connect VISA OFD server via winscp beta version. i am unable to store cleint certificate provided by VISA.

Below are the error getting when load the certificate.

error:0906D06C:PEM routines:PEM_read_bio:no start line.

As per visa they are saying we are unable to represent certificate to their server.Kindly help how can i store certificate which in .P7B format ant txt and crt.
Advertisements
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
How does the file look like? Can you post it here? Of course, replace the secret parts.
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
prikryl wrote:
How does the file look like? Can you post it here? Of course, replace the secret parts.



Hi,

They have provide signed cleint certificate and ask to change file extension from TXT TO P7B. The FIle contain contains the signed certifiacate as well as the intermediate root certificate which we had installed in windows server 2012 R2.

Incoming connection to our server fine mean they are able to connect to our server but we are unable to connect on visa server.
nepsftps.local.txt (4.17 KB) Private file

Description: (none)

mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
mkeshab wrote:
prikryl wrote:
How does the file look like? Can you post it here? Of course, replace the secret parts.



Hi,

They have provide signed cleint certificate and ask to change file extension from TXT TO P7B. The FIle contain contains the signed certifiacate as well as the intermediate root certificate which we had installed in windows server 2012 R2.

Incoming connection to our server fine mean they are able to connect to our server but we are unable to connect on visa server.



Hi Any update... Appreciate your kind help on this.
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
prikryl wrote:
How does the file look like? Can you post it here? Of course, replace the secret parts.



Hi

I have uploaded file type. Request you please check


Regards
Keshab
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
can you please check the file . I have uploaded.


Regards
Keshab
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
WinSCP does not support P7B format.
And anyway, your file contains a public key only.
You have to have a private key to authenticate. And I believe that P7B format cannot contain private key at all. It makes it pointless for authentication.
Are you sure that this is a client certificate?
Guest




Dear Sir,

The have provided signed client certificate and Root CA cert/Intermediate VICA3 SHA-1 and Intermediate VICA3 SHA-2 which we installed in our FTPS server on windows server 2012.

all together they have provided 4 certificate


Regards
Keshab
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
So you believe there's a private key in the file you have attached to your post?
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
Hi,

please allow me somttime. I will ask VISA about private and public key. will update you
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
Hi,

we have installed all the certificate in windows server certificate under personal folder and intermediate folder.

do i need to define certificate in winscp also to represent certificate ? or winscp itself ask for connectivity ?
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
WinSCP does not use Windows certificate store for client certificates.

You have to export your private key to one of the supported formats:
https://winscp.net/eng/docs/tls#client_certificate
and configure WinSCP session to use the file.
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
Hi,

private key is save in same ftps server and we have signed public key provided by remote site.

do we need to configure both certificate in WINSCP..

I tried to change private key format on mention format but unable to load in winscp..Below are the details provided by remote site.

We are pleased to inform you that VISA has processed your OFD/FTPS Client Certificate Request.

The signed client certificate is attached. Please update the attached file’s extension from TXT to P7B. This file contains the signed certificate as well as the Intermediate and Root certificates.

Serial No.: ‎10 1d 5c 1d e5 08 1a f2 0d a7 09 1a b7 a3 68 59
Subject DN
CN = nepsftps.local
OU = NEPS
O = NEPAL ELECTRONIC PAYMENT SYSTEM
C = NP
S = KATHMANDU
L = NAXAL
Valid From: ‎‎‎ ‎ ‎Monday, ‎February ‎22, ‎2016
Valid Until: ‎‎ ‎ ‎Friday, ‎February ‎22, ‎2019

This certificate will expire on the “Valid Until Date” indicated above. Please initiate the request with CertEast@visa.com mailbox for a new replacement certificate before expiry. It’s recommended you make a record of the certificate installation process as internal reference for future certificate replacements.

The root CA and issuing CA certificates for the VICA3 Production environment are located at:
Root CA cert - http://enroll.visaca.com/VisaInfoDeliveryRootCA.crt
Intermediate VICA3 SHA-1 http://enroll.visaca.com/VICA3.crt
Intermediate VICA3 SHA-2 http://enroll.visaca.com/VICA32.crt


Kindly help which file do we need to mention in winscp.

Appreciate your kind help on this.
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
prikryl wrote:
WinSCP does not support P7B format.
And anyway, your file contains a public key only.
You have to have a private key to authenticate. And I believe that P7B format cannot contain private key at all. It makes it pointless for authentication.
Are you sure that this is a client certificate?



Hi,

we have separate private key and public key format . I have attached both private and public for your review. Kindly check below error whilc loading public certificate under TLS/SSL option.Please advise


error:0906D06C:PEM routines:PEM_read_bio:no start line





review and
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
There's nothing attached. Please try again.
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
private and public key attached for your review.
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
while represent certificate do we require private key also.. we are unable to load .crt format certificate in winscp and getting same above error.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Again, there's nothing attached.

If you have problems attaching the files, please email them to me.

You will find my address in my forum profile (after you login in).
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
pleae check email.
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
The file you have forwarded me contains a public key only (the section BEGIN CERTIFICATE ... END CERTIFICATE).

It's also indicated by the .cer extension, which is used for public keys. That's why WinSCP does not show the .cer files when browsing for the client certificate.
mkeshab
[View user's profile]

Joined: 2016-04-05
Posts: 14
Hi

Please find the attached error shot. we are not able to load certificate .cer format. can you please advise.
error.png (149.57 KB) [Download]

Description: (none)

martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
I've meant .cer in my previous post (the .crt was a typo, though they are interchangeable).

Again, it's a public key, that's why you cannot load it. You need a private key. Private keys typically have .pfx, .p12, .key or .pem extensions (though some files with these extension may contain a public key only).
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License