SSL3 alert read: fatal: unknown CA


Guest


Hi,
I'm new to WinSCP, trying to automate file copy using FTPS and replacing a FileZilla client I'm using manually right now.
I have the same issue in GUI and script.
Target FTP is a Synology. Error is:
SSL3 alert read: fatal: unknown CA
TLS connect: error in error
Can't establish TLS connection
Can't establish TLS connection
Connection failed.
1/ From GUI

2/ From PowerShell code it's the same. (I've uploaded the log file)
try
{
    # Load WinSCP .NET assembly
    Add-Type -Path "C:\Scripts\WinSCP-5.17.6-Automation\WinSCPnet.dll"
 
    # Remote directory and file mask to list (placeholder values, not given in the original post)
    $remotePath = "/"
    $wildcard = "*"

    # Setup session options
    $sessionOptions = New-Object WinSCP.SessionOptions -Property @{
        Protocol = [WinSCP.Protocol]::Ftp
        FtpMode = [WinSCP.FtpMode]::Passive
        HostName = "MyFQDN"
        UserName = "myUserName"
        Password = "Mypassword"
        FtpSecure = [WinSCP.FtpSecure]::Explicit
        TlsClientCertificatePath = "C:\Scripts\certificate.pfx"
        TlsHostCertificateFingerprint = "xx:xx:xx:xx:xx:xx:xx:xx:xx"
        PrivateKeyPassphrase = "xxx"
    }
 
    $session = New-Object WinSCP.Session
 
    try
    {
        # Write a session log for troubleshooting
        $session.SessionLogPath = "C:\Scripts\WinSCP_NET.log"
        # Connect
        $session.Open($sessionOptions)
 
        # Get list of matching files in the directory
        $files =
            $session.EnumerateRemoteFiles(
                $remotePath, $wildcard, [WinSCP.EnumerationOptions]::None)
 
        # Any file matched?
        if ($files.Count -gt 0)
        {
            foreach ($fileInfo in $files)
            {
                Write-Host ("$($fileInfo.Name) with size $($fileInfo.Length), " +
                    "permissions $($fileInfo.FilePermissions) and " +
                    "last modification at $($fileInfo.LastWriteTime)")
            }
        }
        else
        {
            Write-Host "No files matching $wildcard found"
        }
    }
    finally
    {
        # Disconnect, clean up
        $session.Dispose()
    }
 
    exit 0
}
catch
{
    Write-Host "Error: $($_.Exception.Message)"
    exit 1
}
References I've checked:
Troubleshooting Connection Issues: https://winscp.net/eng/docs/troubleshooting#connection
https://winscp.net/eng/docs/tls and https://winscp.net/eng/docs/guide_connect

It seems that I'm missing a trusted root CA, so I've added root and intermediate CA certificates to my Synology and the client server. Both the server certificate and the client certificate are delivered by a public CA.

The result was still the same error message, so

3/ I have also tried the WinSCP command line
PS C:\Scripts> & "C:\program files (x86)\winscp\winscp.com" /command `"option batch abort`" `"option confirm off`" `"open ftpes://UserName:MySecret@test.mycompany.com -passive=on -certificate='"xx:xx:xx:xx:xx:xx:xx:xx:"' -clientcert="C:\Scripts\cert.pfx" -passphrase="MySecret" -rawsettings FtpForcePasvIp=1 portnumber=21`" `"dir`" `"exit`"
Result is still
La connexion a échouée.
SSL3 alert read: fatal: unknown CA
TLS connect: error in error
Connexion SSL impossible à établir
Déconnecté du serveur
La connexion a échouée.
Thanks for your help


martin
Site Admin

Re: SSL3 alert read: fatal: unknown CA

The error probably refers to your client certificate, not to the server certificate. How did you generate the client certificate? Can you share a new certificate (without any privileges) generated the same way?
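
One way to inspect the client certificate that the reply above points to, as an added example (not part of the original thread and not WinSCP's own code): it loads the PFX, builds the certificate chain on the local machine, and lists each issuer so the names can be compared with the CA certificates the server trusts. The default path is the placeholder from the post; the result reflects the local Windows trust store only, not the server's.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added diagnostic example. $PfxPath defaults to the placeholder path used in the post.
param([string] $PfxPath = "C:\Scripts\certificate.pfx")

# Prompt for the passphrase instead of hard-coding it in the script
$secure = Read-Host -AsSecureString "Passphrase for $PfxPath"
$plain = [System.Net.NetworkCredential]::new("", $secure).Password

# Load everything in the PFX: the client (leaf) certificate and any bundled CA certificates
$bundle = [X509Certificate2Collection]::new()
$bundle.Import($PfxPath, $plain, [X509KeyStorageFlags]::DefaultKeySet)
$leaf = $bundle | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $leaf) { throw "No certificate with a private key found in $PfxPath" }

# Build the chain on this machine, offering the PFX contents as extra intermediates.
# Revocation is skipped so the check also works offline.
$chain = [X509Chain]::new()
$chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
$chain.ChainPolicy.ExtraStore.AddRange($bundle)
$builtLocally = $chain.Build($leaf)

"Chain builds on this machine:          $builtLocally"
"Other certificates bundled in the PFX: $($bundle.Count - 1)"

# One entry per chain element, leaf first. The Issuer values are the CAs
# the server has to recognise in order to accept this client certificate.
$chain.ChainElements | ForEach-Object {
    $cert = $_.Certificate
    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        InPfx      = [bool]($bundle | Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
    }
} | Format-List

# Any problems the local chain engine found (untrusted root, partial chain, expiry, ...)
$chain.ChainStatus | ForEach-Object {
    "Chain status: $($_.Status) $($_.StatusInformation.Trim())"
}
```

An `InPfx` value of `False` for an intermediate means the local machine found that certificate in its own stores rather than in the PFX file.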
