Certificate error

Dear Martyn,

Im creating a new thread as per your suggesstion on the "Client Certificates FTP-SSL" thread.

1 - I have imported the certificate into winscp.
2 - i fireup the connection and try to connect.
3 - error thrown is :
Server asks for authentication with a client certificate.
Disconnected from server
Connection failed.

4 - Attaching Debug 2 logs.

Thank you for your support.

Thanks for the log. Can you authenticate with the same client certificate using any other FTP client?

martin wrote:

Thanks for the log. Can you authenticate with the same client certificate using any other FTP client?

Hello Martin,

i havent tried one to be honest. i will try one and let you know the result.

Nishant.

martin wrote:

Thanks for the log. Can you authenticate with the same client certificate using any other FTP client?

Hello Martin,

i tried to look for other clients but couldnt find much help with them as well.

i have been given a certificate with a .pem extension and when i try to use this i get an error error:0906D06C:PEM routines:PEM_read_bio:no start line from winscp.

Nishant.

Hello Martin,

after doing some reading i found that the pem certificate is not working mostly because it does not have a private key. i have merged the private key and the pem certificate (using mmc in windows) and have created a combined file.

i still get an error. im attaching the log.

Nishant.

WinSCP would not prompt you for a passphrase, has the file not contain a private key.

Did you try to talk to the server administrator?

Hello Martin,

i did speak to the other admin but they say its our issue. here is what is happening.

1 - we generated a csr from our IIS and sent it to the partner
2 - they sent back a pem file containing the signed certificate.
3 - i imported the signed certificate on our IIS. The partner is able to connect to our ftp using explicit mode.
4 - he says we can use the same signed certificate in our ftps client to connect to their server.
5 - when i try to use only the pem file with winscp i get the error "error:0906D06C:PEM routines:PEM_read_bio:no start line". This i presume is maybe becuase the file does not have a private key.
6 - i tried to combine our private key and the certificate sent by visa (from mmc chose both the ceritifcates and exported) and use the new file but that does not work (this is the log i posted). i dont even know what i did was right.
7 - in the above step when i export the certificate is when i am asked to make up a password for the exported file. this is the passphrase being prompted in the log.

Hope you should be able to point me in the right direction now.

Thanks
Nishant.

Sorry, but we are not able to tell why the server does not accept your certificate. That's something you have to solve with the server administrator.
Only one you can show us that the certificate indeed works (i.e. in a different FTP client), we can help you with setting it up in WinSCP.

Though the part, there you use the certificate on your server and then you use it in your client seems bit strange to me.

Hello Martin,

i was able to move a little further with the certs issue but am still stuck with the below error on winscp.

TLS connect: error in SSLv3 read server session ticket A
Can't establish TLS connection
Disconnected from server
Connection failed.

Post a complete log file.
Can you connect with any other FTPS client?