Topic "Disabling Revocation List checking in WinSCP for server behind a firewall"

Author Message
Rajbains
[View user's profile]

Joined: 2016-12-08
Posts: 3
Location: BC, Canada
Martin, I am using WinSCP for FTPS against a mainframe and as per https://winscp.net/forum/viewtopic.php?t=24203 post /ini=nul helped with disabling the directory caching feature. All works good when my machine has internet access but when I run on some servers behind a firewall, WinSCP can't check the CRL and gives me "Continue connecting and store the certificate?" prompt. I can say "Yes" to the prompt and it works fine. Given that I am using /ini=nul, it can't save the cert info, so I get prompted every time and can't automate my scripts.

So looks like /ini=winscp.ini (https://winscp.net/forum/viewtopic.php?t=6924) solution won't work for me as I am disabling caching with /ini=nul. My expectation about CRL is similar to this https://winscp.net/forum/viewtopic.php?t=24120.

I have done some research and it seems that CRL checking is an application level responsibility, so this is why I suppose WinSCP is doing it and this behavior can't be altered via any server level setting. Some people talk about IE setting, but I can't see that impacting how WinSCP checks for CRL.

In my case, if I am able to disable CRL checking and keep using /ini=nul, that would be perfect, but as this might not be possible, is there any way to use /ini=winscp.ini and then disable directory caching and keep the certificate caching part?

Thanks
Rajbains
[View user's profile]

Joined: 2016-12-08
Posts: 3
Location: BC, Canada
-certificate switch did the trick - https://winscp.net/eng/docs/scriptcommand_open#certificate.

open ftps://user:password@hostName:21 -explicit -certificate="xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"
martin
[View user's profile]
Site Admin
Joined: 2002-12-10
Posts: 25748
Location: Prague, Czechia
Thanks for your suggestion. Will consider this.
Advertisements

You can post new topics in this forum






Search Site

What is WinSCP?

It is award-winning SFTP client, SCP client, FTPS client and FTP client integrated into one software program for file transfer to FTP server or secure SFTP server. [More]

And it's free!

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

WinSCP Privacy Policy

WinSCP License