Windows Certificate Store not checked - WinSCP 5.13

Advertisement

Guest

Windows Certificate Store not checked - WinSCP 5.13

Hello everyone,
when I want to establish a connection to a WebDAVs-Server I get the message "Certificate not trusted / Dem Zertifikat wird nicht vertraut." The Root-CA and the Intermediate-CA of the certificate is stored in the Windows Certificate Store. So it looks like the Windows Cert. Store has not been checked. How can I provide the Root-CA to WinSCP?

. 2018-09-24 17:25:51.867 Die Details des Serverzertifikats folgen:
. 2018-09-24 17:25:51.867 
. 2018-09-24 17:25:51.867 Herausgeber:
. 2018-09-24 17:25:51.867 Let's Encrypt, US
. 2018-09-24 17:25:51.867 
. 2018-09-24 17:25:51.867 Betreff:
. 2018-09-24 17:25:51.867 xxxxServerxxxx
. 2018-09-24 17:25:51.867 
. 2018-09-24 17:25:51.867 Gültig: 17.07.2018 03:29:05 - 15.10.2018 03:29:05
. 2018-09-24 17:25:51.867 
. 2018-09-24 17:25:51.867 Fingerabdruck (SHA1): xxxxxxxxxxxxxxx
. 2018-09-24 17:25:51.867 
. 2018-09-24 17:25:51.867 Zusammenfassung: Dem Zertifikat wird nicht vertraut.
. 2018-09-24 17:25:51.867 
. 2018-09-24 17:25:51.867 Wenn Sie diesem Zertifikat vertrauen, drücken Sie Ja. Um die Verbindung herzustellen, ohne das Zertifikat zu speichern, drücken Sie Nein. Um die Verbindung abzubrechen, drücken Sie Abbrechen.
. 2018-09-24 17:25:51.867 
. 2018-09-24 17:25:51.867 Verbindung aufbauen und Zertifikat speichern? ()
. 2018-09-24 17:26:04.345 SSL certificate checks failed: Server certificate verification failed: issuer is not trusted
. 2018-09-24 17:26:04.345 sess: Closing connection.
. 2018-09-24 17:26:04.345 sess: Connection closed.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,504
Location:
Prague, Czechia

Re: Windows Certificate Store not checked - WinSCP 5.13

Can you provide us a hostname of your server, so that we can test it?

Reply with quote

Guest

Re: Windows Certificate Store not checked - WinSCP 5.13

martin wrote:

Can you provide us a hostname of your server, so that we can test it?
Hello Martin,
thank you for your Reply. I get this message in General, Independent of the Server I choose. For example: I also get this message on Server winscp.net on port 443.

The Code Looks as follows.
"C:\Program Files (x86)\WinSCP\WinSCP.com" ^
  /log="C:\..\log\WinSCP.log" /ini=nul ^
  /command ^
    "open davs://winscp.net/ -rawsettings ProxyMethod=3 ProxyHost=""10.1.2.3"" ProxyPort=3128" ^
....
...
"close" ^ 
exit

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,504
Location:
Prague, Czechia

Re: Windows Certificate Store not checked - WinSCP 5.13

Can you send me an email, so I can send you back a debug version of WinSCP to track the problem? Please include link back to this topic in your email. Also note in this topic that you have sent the email. Thanks.

You will find my address (if you log in) in my forum profile.

Reply with quote

Guest

solved

I set Debuglevel to 2 an got following message:
. 2018-10-12 08:01:21.895 Certificate failed to verify against Windows certificate store: Error: 80092013, Chain index: 0, Element index: 0
So I think the problem is the certificate revocation check of Windows. Windows has no internet-Access in this Scenario, so the CA cannot be checked for revocations of the Cert.

Reply with quote

Advertisement

krgan2022
Guest

the server's certificate is not known.

Hi ,

I am not able to send the files to AWS S3 bucket.

Error:
the server's certificate is not known. you have no guarantee that the server is the computer you think it is
WinSCP version 5.13

Please check and help me how to fix this issue or root cause of this issue.

Regards, Krishna

Reply with quote

martin
Site Admin
martin avatar

Re: the server's certificate is not known.

@krgan2022: Please start by upgrading to the latest version of WinSCP. If that does not help, please post session log file.

Reply with quote

Advertisement

You can post new topics in this forum