Certificate Issues with WinSCP.com but not with WinSCP.exe

Advertisement

tommcmaster
Joined:
Posts:
2

Certificate Issues with WinSCP.com but not with WinSCP.exe

Hi,
I have a Powershell script which runs winscp.com and supplies a number of arguments, including login details for an FTPS account on a remote server. When I use the GUI to connect to the account, it works correctly but originally gave me an error message stating the server's certificate was not known and asking me to continue, to which I said yes. It appears to have remembered my preference and connects successfully each time.

When I use my Powershell script to run winscp.com using the same login details, the same error message appears in my log each time, to which winscp.com times out and chooses not to proceed as it doesn't know the certificate is valid.

Can someone point me to why the winscp.com aspect of the application wouldn't remember the certificate if I had chosen to proceed within the GUI? I have checked that the fingerprint of the certificates are exactly the same and the user running both the gui and the script is the same.

Thanks in advance for your help and time.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,442
Location:
Prague, Czechia

Re: Certificate Issues with WinSCP.com but not with WinSCP.exe

You have probably instructed winscp.com not to use the GUI configuration using /ini switch (what is recommended).
In scripting, use the -certificate switch to provide a fingerprint of the expected certificate.
See https://winscp.net/eng/docs/scripting#hostkey

Btw, in PowerShell, you better use WinSCP .NET assembly.
https://winscp.net/eng/docs/library_powershell

Reply with quote

tommcmaster
Joined:
Posts:
2

Re: Certificate Issues with WinSCP.com but not with WinSCP.exe

Hi Martin,

Thanks for your reply. You're correct, the /ini switch is set to be /ini=null in the arguments we pass to winscp.com.

We have used -certificate as a work-around but I don't understand why the winscp.com part of the application was previously connecting seamlessly, and now asks us if we trust the certificate we present to it each time. Is there a significance between fingerprints on port 990 and 21? Both are in our registry but winscp.com continues to ask us to confirm we trust them.

Is there a way to have the winscp.com portion remember the Y choice for the certificate?

Thanks,

Tom.

Reply with quote

martin
Site Admin
martin avatar

Re: Certificate Issues with WinSCP.com but not with WinSCP.exe

I can hardly answer, why it was working differently before. Something must have changed, either your script or the certificate.

I do not understand your last question about "remembering Y". That's what the -certificate is for.

Reply with quote

Advertisement

You can post new topics in this forum