Host certificate


JakobAagesen

Host certificate

Hi Support
I am using the WinSCP API to connect to a FileZilla FTP server.
The server has been set up with the following configuration:
Enabled FTP over TLS
Disabled unencrypted FTP
Disabled explicit FTP
So basically I only allow implicit FTP.

Using the WinSCP client I can connect by configuring the following settings:
File protocol: FTP
Encryption: TLS/SSL Implicit encryption
Host name: <server IP address>
Port number: 990 (default set)
The rest of it is as default.

Using the WinSCP API I can connect using the following settings:
Protocol: Ftp
FtpMode: Passive
FtpSecure: Implicit
HostName: <server IP address>
GiveUpSecurityAndAcceptAnyTlsHostCertificate: false
SshHostKeyFingerprint: null
TlsHostCertificateFingerprint: <certificate fingerprint>
The rest of it is as default.

I got the TlsHostCertificateFingerprint from a WinSCP client session to the FTP server.
My question is, how do I get a certificate fingerprint if I don't use the WinSCP client? I basically want to be able to do the same thing that the client does when it generates or retrieves the certificate. How does the client get the certificate?


martin
Site Admin
Location:
Prague, Czechia

Re: Host certificate

JakobAagesen wrote:

I basically want to be able to do the same thing that the client does when it generates or retrieves the certificate. How does the client get the certificate?
What are you trying to achieve? Do you understand that you should get the certificate (its fingerprint) using a separate reliable channel? Not automatically! Even getting it from the WinSCP GUI is not the best way.
See https://winscp.net/eng/docs/faq_hostkey
It's about SSH host keys, but it applies to self-signed TLS certificates too.
Unless you want to implement something like this:
https://winscp.net/eng/docs/library_example_known_hosts
https://winscp.net/eng/docs/library_session_scanfingerprint

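One way to apply the advice in the reply above with the WinSCP .NET assembly, as an added example that is not part of the thread or of WinSCP's own documentation: the fingerprint the server presents is read with `Session.ScanFingerprint`, but it is only reported, never trusted automatically, and the connection is opened solely with a fingerprint that was confirmed out of band and stored beforehand. The host name, credentials and pin file path are placeholders, and the code assumes the installed WinSCP version accepts "SHA-256" for TLS certificates.

```csharp
using System;
using System.IO;
using WinSCP;

static class PinnedFtpsExample
{
    // Placeholder path: holds the fingerprint confirmed with the server
    // administrator over a separate channel (not scanned from the network).
    const string PinFile = @"C:\ProgramData\ExampleApp\ftps-pin.txt";

    static int Main()
    {
        var options = new SessionOptions
        {
            Protocol = Protocol.Ftp,
            FtpSecure = FtpSecure.Implicit,   // implicit TLS, port 990 by default
            HostName = "ftp.example.com",     // placeholder
            UserName = "user",                // placeholder
            Password = "password",            // placeholder
        };

        // Read what the server presents right now, for reporting only.
        string presented;
        using (var scan = new Session())
        {
            presented = scan.ScanFingerprint(options, "SHA-256");
        }

        if (!File.Exists(PinFile))
        {
            Console.Error.WriteLine("No pinned fingerprint. Server presents: " + presented);
            Console.Error.WriteLine("Confirm this value with the server administrator before saving it to " + PinFile);
            return 2;   // refuse to connect instead of trusting on first use
        }

        string pinned = File.ReadAllText(PinFile).Trim();
        if (!string.Equals(pinned, presented, StringComparison.OrdinalIgnoreCase))
        {
            Console.Error.WriteLine("Certificate mismatch. Pinned: " + pinned + " Presented: " + presented);
            return 1;   // certificate replaced or connection intercepted; investigate
        }

        options.TlsHostCertificateFingerprint = pinned;   // WinSCP enforces the pin on Open
        using (var session = new Session())
        {
            session.Open(options);
            Console.WriteLine("Connected with verified certificate.");
        }
        return 0;
    }
}
```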

biegelboy
Location:
Chicago

Server's host key does not match the one WINSCP has in cache (randomly)

After upgrading WinSCP to the most current version, we started to see [The server's host key does not match the one WinSCP has in cache.] We have (4) external connections, and all (4) connections at times reported this WARNING. Again, it's not happening all the time; it happens randomly, and it started after the upgrade. So we downgraded WinSCP, but that didn't fix the issue.

This warning is playing havoc with my automation scripts to connect.

Please HELP!


martin
Site Admin
Location:
Prague, Czechia

Re: Server's host key does not match the one WINSCP has in cache (randomly)

biegelboy wrote:

After upgrading WinSCP to the most current version, we started to see [The server's host key does not match the one WinSCP has in cache.] We have (4) external connections, and all (4) connections at times reported this WARNING. Again, it's not happening all the time; it happens randomly, and it started after the upgrade. So we downgraded WinSCP, but that didn't fix the issue.
Please post session log files both from failed connection and successful connection using the same settings.
