No problems with WinSCP 5.9.1.
After upgrading to WinSCP 5.9.3 the problem appeared.
Rolling back to WinSCP 5.9.1 solves the problem.
I have a pkcs12 file which has private key and certificate with chain certificates in it.
It was created using the command:
openssl pkcs12 -export -inkey <private_key_file>.key -in <you_cert_file_with_chain>.pem -out certificate_client_nopass.pkcs12.pfx -name <some_friendly_name_here>
So I have certificate_client_nopass.pkcs12.pfx file which is not encrypted with the password.
I start like:
winscp.com /ini=nul /script="FTPS_Script.txt"
FTPS_Script.txt has something like:
open ftpes://user:pass@ip:port/ -passive=on -explicit -certificate="*" -clientcert="certificate_client_nopass.pkcs12.pfx" -rawsettings CacheDirectories=0 CacheDirectoryChanges=0 FtpForcePasvIp2=0 FtpPingInterval=10 FtpListAll=1 SslSessionReuse=0 MinTlsVersion=12 -timeout=999
It is working perfect in WinSCP 5.9.1.
After upgrading to WinSCP 5.9.3 it doesn't work any more.
WinSCP begins to write message in LOG file:
. 2016-12-08 14:54:43.011 Certificate is encrypted, need passphrase
I will attach two logs file in next message.
<you_cert_file_with_chain>.pem file looks like:
subject=/L=Moscow/ST=Moscow/C=RU/O=Maxim/OU=Test/CN=test.com issuer=/C=US/O=COMPANE/OU=Service Association/CN=External CA -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- subject=/C=US/O=COMPANE/OU=Service Association/CN=External CA issuer=/C=US/O=COMPANE/OU=Service Association/CN=Root CA -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- subject=/C=US/O=COMPANE/OU=Service Association/CN=Root CA issuer=/C=US/O=COMPANE/OU=Service Association/CN=Root CA -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----