Import un-verified FTPS certificates?

Post by *kaffe »

Is there any possibility to import unverified (self-signed) certificates by an easier method than getting hold of the public part and manually entering it into the root-cert.pem file? Since many private server owners cannot afford a "real" certificate, being able to import the public part (permanently) with a click would be a nice workaround to having to approve the cert manually on each and every connect.
Post by *ghisler(Author) »

Yes, just click on the open locker icon and then choose to always accept the certificate! Newer TC7 beta versions will then store the certificate themselves into the pem file.
Author of Total Commander
https://www.ghisler.com
Post by *kaffe »

Ah, this works OK for your test server on ftps://www.ghisler.ch but I cannot make it work with the other two servers I am connecting to most of the time. One is running the FTP service on Debian (not sure exactly which one), the other one is running zFTPserver under Windows, and in these two cases I do not have the option of accepting the certificate permanently. The popup after clicking on the padlock only presents me with an OK button and the "Could not verify signature!" msg.

testserver: ftps://test.e-tintin.com
u/p: test/test
Post by *ghisler(Author) »

Your server gives me the following error:
X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
Unable to verify the first certificate. No signatures could be verified because the chain contains only one certificate and it is not self signed.

This means that the server presented an invalid certificate which was not even self-signed!

Even if I change TC to let it add the cert to the chain, the verification fails on the next connection. I get the following added to wincmd.pem:

test.e-tintin.com
-----BEGIN CERTIFICATE-----
MIICyTCCAjKgAwIBAgINMzM4NzE4Nzc3MDI5NjANBgkqhkiG9w0BAQUFADCBmTEL
MAkGA1UEBhMCU0UxEjAQBgNVBAgTCVNvbWVwbGFjZTESMBAGA1UEBxMJU29tZXdo
ZXJlMRUwEwYDVQQKEwxlLXRpbnRpbi5jb20xDTALBgNVBAsTBE5vbmUxGjAYBgNV
BAMTEXRlc3QuZS10aW50aW4uY29tMSAwHgYJKoZIhvcNAQkBFhFyb290QGUtdGlu
dGluLmNvbTAeFw0wNzA1MDExMTI5MzBaFw0wODA1MDExMTI5MzBaMIGZMQswCQYD
VQQGEwJTRTESMBAGA1UECBMJU29tZXBsYWNlMRIwEAYDVQQHEwlTb21ld2hlcmUx
FTATBgNVBAoTDGUtdGludGluLmNvbTENMAsGA1UECxMETm9uZTEaMBgGA1UEAxMR
dGVzdC5lLXRpbnRpbi5jb20xIDAeBgkqhkiG9w0BCQEWEXJvb3RAZS10aW50aW4u
Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI/6Lvfzq0Jd9j8N2xcMX2
5ASZw7kcBprvvt7EpxpriBcybKvkN2sIjKXc/Z6Hx+oTpgkcwAi4Zo0j+lkF8SBL
MKJMxp2sYu/tFjxgkK78TK+RuYG+u8udtNPOfxl2zAmvvg0oxuI7eA6HGQRraKR5
v+Fw9O0DUO/4m7uhsU/+vQIDAQABoxMwETAPBgNVHQ8BAQAEBQMDAOAAMA0GCSqG
SIb3DQEBBQUAA4GBAF1ZKic9IXBJwjeYMW67+hTtVsi1i4dKaGMDAAiSz0euNe71
8aTI/pQ+N8aqS1XcPIdDjN7fdiQ5CRGu9iRbcnfo1wCp637UTF754I62HM0RZ4Em
rM+MnHeb0TB+hEO1cs5G4dzmQuxJpwdhzErAvOyVc7dAM6o+iCzcOR12Cp7A
-----END CERTIFICATE-----

How did you create this certificate?
Author of Total Commander
https://www.ghisler.com
Post by *kaffe »

Hmm, I used the internal routines in the zFTPserver administration interface... Seems like this function is broken. I guess I should let the developer know about this bug.

After creating a proper certificate with openssl everything works as expected :) Thanks for the tip regarding the faulty cert!
Post by *ghisler(Author) »

Nice to hear that! Yes, please inform the server admin. Maybe openssl changed command line parameters.
Author of Total Commander
https://www.ghisler.com
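
The check behind the error quoted in this thread (a one-certificate chain that is not self-signed) can be reproduced with the openssl command line before a certificate is added to a client's pem file. This is an added example, not code from the thread or from Total Commander; it assumes OpenSSL 1.1.0 or later on the PATH, and the function names, file names and host names are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm a certificate is genuinely self-signed before
# pinning it. Assumes OpenSSL 1.1.0 or later on PATH.

# is_self_signed CERT.pem -> exit 0 only if CERT verifies with itself as the
# sole trust anchor. -no-CApath keeps the system CA directory out of the
# decision; -check_ss_sig makes OpenSSL verify the self-signature too.
is_self_signed() {
    openssl verify -no-CApath -CAfile "$1" -check_ss_sig "$1" >/dev/null 2>&1
}

# describe_cert CERT.pem -> prints subject, issuer and the verdict.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer
    if is_self_signed "$1"; then
        echo "verdict: self-signed, can be pinned as its own trust anchor"
    else
        echo "verdict: not self-signed, pinning it alone will keep failing"
    fi
}

# make_samples DIR -> constructed test data (names are made up):
#   DIR/selfsigned.pem  a proper self-signed server certificate
#   DIR/leaf.pem        a certificate signed by selfsigned.pem's key,
#                       so on its own it is a chain of one that is
#                       not self-signed
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=ftps.example.test" \
        -keyout "$1/selfsigned.key" -out "$1/selfsigned.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=leaf.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -days 2 -set_serial 2 \
        -CA "$1/selfsigned.pem" -CAkey "$1/selfsigned.key" \
        -out "$1/leaf.pem" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    describe_cert "$dir/selfsigned.pem"
    describe_cert "$dir/leaf.pem"
    rm -rf "$dir"
}
demo
```

An expired certificate also fails this check, so a "not self-signed" verdict on an old certificate should be confirmed by reading the subject and issuer lines that `describe_cert` prints.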