FTPS connection gives Windows certificate store error: 800B0109

guest123456
Guest

I try to connect to an FTP over TLS (FTPS) but I get the error below... I have no clue how to troubleshoot this... Using GiveUpSecurityAndAcceptAnyTlsHostCertificate helps connecting, but when enumerating the folder I get another error:
Error listing directory '/'.
TLS connect: failed in SSLv3 read finished A
Can't establish TLS connection
Could not retrieve directory listing

I also don't want to use GiveUpSecurityAndAcceptAnyTlsHostCertificate of course.

Can anyone help or point me in the right direction please?

. Connecting to ftps.company.com:port ...
. Connected with ftps.company.com:port, negotiating TLS connection...
< 220 Microsoft FTP Service
> AUTH TLS
< 234 AUTH command ok. Expecting TLS Negotiation.
. Verifying certificate for "company Anon" with fingerprint 15:38:22:e9:92:78:c4:ac:95:54:88:8b:11:7e:dd:5a:ff:9a:8b:45 and 19 failures
. Certificate common name "*.company.com" matches hostname
. Certificate failed to verify against Windows certificate store: Error: 800B0109, Chain index: 0, Element index: -1
. Asking user:
. **The server's certificate is not known. You have no guarantee that the server is the computer you think it is.**
.
. Server's certificate details follow:
.
. Issuer:
. - Organization: clientCompany, SSL Inspection, it@clientCompany.com
.
. Subject:
. - Organization: company Anon, *.company.com
.
. Valid: 12/01/2018 17:30:54 - 1/04/2021 9:55:08
.
. Fingerprint (SHA-1): 15:38:22:e9:92:78:c4:ac:95:54:88:8b:11:7e:dd:5a:ff:9a:8b:45
.
. Summary: Self-signed certificate in certificate chain. The error occurred at a depth of 4 in the certificate chain.
.
. If you trust this certificate, press Yes. To connect without storing certificate, press No. To abandon the connection press Cancel.
.
. Continue connecting and store the certificate? ()
. Peer certificate rejected
. Disconnected from server
. Connection failed.

I connect as follows (this is also what WinSCP UI generated):

            SessionOptions = new SessionOptions
            {
                Protocol = Protocol.Ftp,
                HostName = hostName,
                PortNumber = portNumber,
                UserName = username,
                Password = password,
                FtpSecure = FtpSecure.Explicit,
                TlsHostCertificateFingerprint = ....,
            };

martin
Site Admin
Re: FTPS connection gives Windows certificate store error: 800B0109

It seems that you mix two different problems.
Can you post a full session log file?

guest123456
Guest

I'm sorry, I can't do that at the moment, maybe Monday. But I was able to connect after upgrading to the latest WinSCP version. I had to set the flag GiveUpSecurityAndAcceptAnyTlsHostCertificate to true. If false, I still get the same error.

I'm happy it works with GiveUpSecurityAndAcceptAnyTlsHostCertificate on true...
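
An added example, not part of the thread and not WinSCP's own code: a small Python triage of the certificate lines from the session log in the first post. It flags error 800B0109 (CERT_E_UNTRUSTEDROOT: the chain ends in a root the Windows store does not trust), an issuer that names TLS inspection, and a mismatch against a fingerprint obtained out of band from the server operator. The function names, finding labels and issuer keyword list are assumptions made for this example.

```python
import re

# Certificate-related lines copied from the session log in the first post.
SAMPLE_LOG = """\
. Verifying certificate for "company Anon" with fingerprint 15:38:22:e9:92:78:c4:ac:95:54:88:8b:11:7e:dd:5a:ff:9a:8b:45 and 19 failures
. Certificate common name "*.company.com" matches hostname
. Certificate failed to verify against Windows certificate store: Error: 800B0109, Chain index: 0, Element index: -1
. Issuer:
. - Organization: clientCompany, SSL Inspection, it@clientCompany.com
. Subject:
. - Organization: company Anon, *.company.com
. Fingerprint (SHA-1): 15:38:22:e9:92:78:c4:ac:95:54:88:8b:11:7e:dd:5a:ff:9a:8b:45
. Summary: Self-signed certificate in certificate chain. The error occurred at a depth of 4 in the certificate chain.
"""

def _find(pattern, log):
    m = re.search(pattern, log, re.MULTILINE)
    return m.group(1).strip() if m else None

def parse_cert_report(log):
    """Extract what the log recorded about the rejected peer certificate."""
    return {
        "store_error": _find(r"Windows certificate store: Error: ([0-9A-Fa-f]{8})", log),
        "issuer": _find(r"^\. Issuer:\s*\n\. - Organization: (.+)$", log),
        "subject": _find(r"^\. Subject:\s*\n\. - Organization: (.+)$", log),
        "fingerprint": _find(r"^\. Fingerprint \(SHA-1\): ([0-9A-Fa-f:]+)", log),
        "summary": _find(r"^\. Summary: (.+)$", log),
    }

def normalize(fp):
    """Compare fingerprints regardless of colons, spaces or letter case."""
    return fp.replace(":", "").replace(" ", "").lower()

def triage(report, pinned_fingerprint=None):
    """Return findings; pinned_fingerprint is the value confirmed out of band."""
    findings = []
    if (report["store_error"] or "").upper() == "800B0109":
        findings.append("untrusted-root")  # CERT_E_UNTRUSTEDROOT
    if "Self-signed certificate in certificate chain" in (report["summary"] or ""):
        findings.append("private-root-in-chain")
    # Keyword heuristic (assumption): issuer text that names an interception device.
    if re.search(r"inspection|intercept|proxy", report["issuer"] or "", re.I):
        findings.append("issuer-names-tls-inspection")
    if pinned_fingerprint and report["fingerprint"]:
        if normalize(pinned_fingerprint) != normalize(report["fingerprint"]):
            findings.append("pinned-fingerprint-mismatch")
    return findings

if __name__ == "__main__":
    print(triage(parse_cert_report(SAMPLE_LOG)))
```
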
