FTPS CONNECTION

Hi,

I am trying to connect VISA OFD server via winscp beta version. i am unable to store cleint certificate provided by VISA.

Below are the error getting when load the certificate.

error:0906D06C:PEM routines:PEM_read_bio:no start line.

As per visa they are saying we are unable to represent certificate to their server.Kindly help how can i store certificate which in .P7B format ant txt and crt.

How does the file look like? Can you post it here? Of course, replace the secret parts.

martin wrote:

How does the file look like? Can you post it here? Of course, replace the secret parts.

Hi,

They have provide signed cleint certificate and ask to change file extension from TXT TO P7B. The FIle contain contains the signed certifiacate as well as the intermediate root certificate which we had installed in windows server 2012 R2.

Incoming connection to our server fine mean they are able to connect to our server but we are unable to connect on visa server.

mkeshab wrote:

martin wrote:

How does the file look like? Can you post it here? Of course, replace the secret parts.

Hi,

They have provide signed cleint certificate and ask to change file extension from TXT TO P7B. The FIle contain contains the signed certifiacate as well as the intermediate root certificate which we had installed in windows server 2012 R2.

Incoming connection to our server fine mean they are able to connect to our server but we are unable to connect on visa server.

Hi Any update... Appreciate your kind help on this.

martin wrote:

How does the file look like? Can you post it here? Of course, replace the secret parts.

Hi

I have uploaded file type. Request you please check


Regards
Keshab

can you please check the file . I have uploaded.


Regards
Keshab

WinSCP does not support P7B format.
And anyway, your file contains a public key only.
You have to have a private key to authenticate. And I believe that P7B format cannot contain private key at all. It makes it pointless for authentication.
Are you sure that this is a client certificate?

Dear Sir,

The have provided signed client certificate and Root CA cert/Intermediate VICA3 SHA-1 and Intermediate VICA3 SHA-2 which we installed in our FTPS server on windows server 2012.

all together they have provided 4 certificate


Regards
Keshab

So you believe there's a private key in the file you have attached to your post?

Hi,

please allow me somttime. I will ask VISA about private and public key. will update you

Hi,

we have installed all the certificate in windows server certificate under personal folder and intermediate folder.

do i need to define certificate in winscp also to represent certificate ? or winscp itself ask for connectivity ?

WinSCP does not use Windows certificate store for client certificates.

You have to export your private key to one of the supported formats:
https://winscp.net/eng/docs/tls#client_certificate
and configure WinSCP session to use the file.

Hi,

private key is save in same ftps server and we have signed public key provided by remote site.

do we need to configure both certificate in WINSCP..

I tried to change private key format on mention format but unable to load in winscp..Below are the details provided by remote site.

We are pleased to inform you that VISA has processed your OFD/FTPS Client Certificate Request.

The signed client certificate is attached. Please update the attached file’s extension from TXT to P7B. This file contains the signed certificate as well as the Intermediate and Root certificates.

Serial No.: ‎10 1d 5c 1d e5 08 1a f2 0d a7 09 1a b7 a3 68 59
Subject DN
CN = nepsftps.local
OU = NEPS
O = NEPAL ELECTRONIC PAYMENT SYSTEM
C = NP
S = KATHMANDU
L = NAXAL
Valid From: ‎‎‎ ‎ ‎Monday, ‎February ‎22, ‎2016
Valid Until: ‎‎ ‎ ‎Friday, ‎February ‎22, ‎2019

This certificate will expire on the “Valid Until Date” indicated above. Please initiate the request with CertEast@visa.com mailbox for a new replacement certificate before expiry. It’s recommended you make a record of the certificate installation process as internal reference for future certificate replacements.

The root CA and issuing CA certificates for the VICA3 Production environment are located at:
Root CA cert - https://enroll.visaca.com/VisaInfoDeliveryRootCA.crt
Intermediate VICA3 SHA-1 https://enroll.visaca.com/VICA3.crt
Intermediate VICA3 SHA-2 https://enroll.visaca.com/VICA32.crt


Kindly help which file do we need to mention in winscp.

Appreciate your kind help on this.

martin wrote:

WinSCP does not support P7B format.
And anyway, your file contains a public key only.
You have to have a private key to authenticate. And I believe that P7B format cannot contain private key at all. It makes it pointless for authentication.
Are you sure that this is a client certificate?

Hi,

we have separate private key and public key format . I have attached both private and public for your review. Kindly check below error whilc loading public certificate under TLS/SSL option.Please advise


error:0906D06C:PEM routines:PEM_read_bio:no start line





review and

There's nothing attached. Please try again.

private and public key attached for your review.

while represent certificate do we require private key also.. we are unable to load .crt format certificate in winscp and getting same above error.

Again, there's nothing attached.

If you have problems attaching the files, please email them to me.

You will find my address in my forum profile (after you login in).

pleae check email.

The file you have forwarded me contains a public key only (the section BEGIN CERTIFICATE ... END CERTIFICATE).

It's also indicated by the .cer extension, which is used for public keys. That's why WinSCP does not show the .cer files when browsing for the client certificate.

Hi

Please find the attached error shot. we are not able to load certificate .cer format. can you please advise.

I've meant .cer in my previous post (the .crt was a typo, though they are interchangeable).

Again, it's a public key, that's why you cannot load it. You need a private key. Private keys typically have .pfx, .p12, .key or .pem extensions (though some files with these extension may contain a public key only).