guest123456

I'm sorry, I can't do that at the moment, maybe Monday. But I was able to connect after upgrading to the latest WinSCP version. I had to set the flag GiveUpSecurityAndAcceptAnyTlsHostCertificate to true. If false, I still get the same error.

I'm happy it works with GiveUpSecurityAndAcceptAnyTlsHostCertificate on true...
martin

Re: FTPS connection gives Windows certificate store error: 800B0109

It seems that you mix two different problems.
Can you post a full session log file?
guest123456

FTPS connection gives Windows certificate store error: 800B0109

I try to connect to an FTP over TLS (FTPS) but I get the error below... I have no clue how to troubleshoot this... using GiveUpSecurityAndAcceptAnyTlsHostCertificate helps connecting but when enumerating the folder I get another error:
Error listing directory '/'.
TLS connect: failed in SSLv3 read finished A
Can't establish TLS connection
Could not retrieve directory listing


I also don't want to use GiveUpSecurityAndAcceptAnyTlsHostCertificate of course.

Can anyone help or point me in the right direction please?

. Connecting to ftps.company.com:port ...
. Connected with ftps.company.com:port, negotiating TLS connection...
< 220 Microsoft FTP Service
> AUTH TLS
< 234 AUTH command ok. Expecting TLS Negotiation.
. Verifying certificate for "company Anon" with fingerprint 15:38:22:e9:92:78:c4:ac:95:54:88:8b:11:7e:dd:5a:ff:9a:8b:45 and 19 failures
. Certificate common name "*.company.com" matches hostname
. Certificate failed to verify against Windows certificate store: Error: 800B0109, Chain index: 0, Element index: -1
. Asking user:
. **The server's certificate is not known. You have no guarantee that the server is the computer you think it is.**
.
. Server's certificate details follow:
.
. Issuer:
. - Organization: clientCompany, SSL Inspection, it@clientCompany.com
.
. Subject:
. - Organization: company Anon, *.company.com
.
. Valid: 12/01/2018 17:30:54 - 1/04/2021 9:55:08
.
. Fingerprint (SHA-1): 15:38:22:e9:92:78:c4:ac:95:54:88:8b:11:7e:dd:5a:ff:9a:8b:45
.
. Summary: Self-signed certificate in certificate chain. The error occurred at a depth of 4 in the certificate chain.
.
. If you trust this certificate, press Yes. To connect without storing certificate, press No. To abandon the connection press Cancel.
.
. Continue connecting and store the certificate? ()
. Peer certificate rejected
. Disconnected from server
. Connection failed.


I connect as follows (this is also what WinSCP UI generated):

            SessionOptions = new SessionOptions
            {
                Protocol = Protocol.Ftp,
                HostName = hostName,
                PortNumber = portNumber,
                UserName = username,
                Password = password,
                FtpSecure = FtpSecure.Explicit,
                TlsHostCertificateFingerprint = ....,
            };
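
A triage helper for the session log quoted in the post above, as an added example that is not part of the original thread or of WinSCP: it extracts the presented fingerprint, the Windows trust error and the issuer, and checks the fingerprint against the value intended for TlsHostCertificateFingerprint. The function names are hypothetical; the log excerpt is taken from the post.

```python
import re

# Excerpt of the session log quoted in the post above (blank "." lines dropped).
SAMPLE_LOG = """\
. Verifying certificate for "company Anon" with fingerprint 15:38:22:e9:92:78:c4:ac:95:54:88:8b:11:7e:dd:5a:ff:9a:8b:45 and 19 failures
. Certificate failed to verify against Windows certificate store: Error: 800B0109, Chain index: 0, Element index: -1
. Issuer:
. - Organization: clientCompany, SSL Inspection, it@clientCompany.com
. Subject:
. - Organization: company Anon, *.company.com
. Peer certificate rejected
"""

# Windows trust-provider HRESULTs that can appear after "Error:".
WIN_TRUST_ERRORS = {
    "800B0101": "CERT_E_EXPIRED",
    "800B0109": "CERT_E_UNTRUSTEDROOT",
    "800B010A": "CERT_E_CHAINING",
    "800B010F": "CERT_E_CN_NO_MATCH",
}

def normalize(fingerprint):
    """Lower-case hex digits only, so differently formatted pins compare equal."""
    return re.sub(r"[^0-9a-f]", "", fingerprint.lower())

def parse_cert_check(log_text):
    """Extract the certificate verification facts from a session log (hypothetical helper)."""
    info = {"rejected": "Peer certificate rejected" in log_text}
    m = re.search(r"with fingerprint ([0-9A-Fa-f:]+) and (\d+) failures", log_text)
    if m:
        info["fingerprint"], info["failures"] = normalize(m.group(1)), int(m.group(2))
    m = re.search(r"Windows certificate store: Error: ([0-9A-Fa-f]{8})", log_text)
    if m:
        code = m.group(1).upper()
        info["store_error"] = WIN_TRUST_ERRORS.get(code, code)
    # "Issuer:" and "Subject:" are each followed by a "- Organization:" line.
    for field in ("Issuer", "Subject"):
        m = re.search(rf"^\. {field}:[ \t]*\n(?:\.[ \t]*\n)*\. - Organization: (.+)$",
                      log_text, re.M)
        if m:
            info[field.lower()] = m.group(1).strip()
    return info

def triage(log_text, pinned_fingerprint):
    """Add whether the certificate seen on the wire is the one that was pinned."""
    info = parse_cert_check(log_text)
    info["matches_pin"] = info.get("fingerprint") == normalize(pinned_fingerprint)
    return info
```

A `matches_pin` of False means the certificate presented on this network path is not the one whose fingerprint was pinned, which is worth establishing before considering GiveUpSecurityAndAcceptAnyTlsHostCertificate.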