FTP SSL/TLS Client Certificate - Nothing Works


CryptoBoy

FTP SSL/TLS Client Certificate - Nothing Works

Latest version. We've tried every kind of key/certificate and nothing works with WinSCP. We've tried private/public (PEM), private/certificate (PEM), OpenSSH, non-OpenSSH, PuTTYgen, Keystore Explorer, Java. The only thing we could get to work was a very old expired certificate (in private key / certificate PEM format). Nothing new works. WinSCP either doesn't accept the file at all or you get disconnected from the server with "SSL3 alert read: fatal certificate unknown". Our keys and certs work with other clients to the same server. Even the bundled PuTTYgen does not generate files that WinSCP can use.

I think WinSCP is not handling SSL certificates correctly. You need to use standard X.509 certificates, in standard file formats, and WinSCP should not require that they be signed. That's up to the server. And you need to be able to enter a password/passphrase for some file formats. And SSL/TLS requires that you have both your private key and your public certificate to encrypt. WinSCP has no place to specify a private key!

It was working in previous versions.


martin
Site Admin

Re: FTP SSL/TLS Client Certificate - Nothing Works

Can you please be more specific?
What certificate format was working in previous versions of WinSCP and is not working now?
Note that PuTTYgen is for generating SSH keys, not TLS certificates. Same for OpenSSH tools. SSH and TLS are neither comparable nor compatible.
Can you share an example certificate that does not work with WinSCP, but works with other clients (and which are those)?


needing help
Guest

cannot add private key for FTPS

I created a pub/priv key pair a few months ago and when I attempted another one it fails adding the private key. The keys were created with PuTTY, as before, which worked.

Cannot read certificate - path to the file.
error:1E08010C:DECODER routines::unsupported


martin
Site Admin

Re: cannot add private key for FTPS

@needing help: Are you @CryptoBoy or someone else? As I've stated above, you cannot use PuTTYgen to generate certificates for FTPS. That does not work, and never did. If you need our help, we need much more information (see my previous post).

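The replies above turn on the difference between SSH key files (PuTTYgen, OpenSSH) and X.509 certificate material for TLS. The following is an added example, not part of any post in this thread and not WinSCP code: a small Python check that tells the two families apart from their file markers and reports whether a PEM file holds both a certificate and a private key. The function name, result keys and sample blobs are assumptions made for this illustration.

```python
import re

# SSH key formats (what PuTTYgen and the OpenSSH tools write); none of these is an X.509 certificate.
SSH_MARKERS = [
    (rb"^PuTTY-User-Key-File-\d+:", "PuTTY private key (.ppk)"),
    (rb"^-----BEGIN OPENSSH PRIVATE KEY-----", "OpenSSH private key"),
    (rb"^---- BEGIN SSH2 PUBLIC KEY ----", "SSH2 (RFC 4716) public key"),
    (rb"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+) ", "OpenSSH public key line"),
]
PEM_LABEL = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def classify(data: bytes) -> dict:
    """Describe a key/certificate file from its format markers only (no parsing of key data)."""
    ssh = [name for pat, name in SSH_MARKERS if re.search(pat, data, re.M)]
    labels = [m.decode() for m in PEM_LABEL.findall(data) if m != b"OPENSSH PRIVATE KEY"]
    has_cert = "CERTIFICATE" in labels
    # Matches PKCS#8 ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY") and traditional "RSA/EC PRIVATE KEY".
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    encrypted = "ENCRYPTED PRIVATE KEY" in labels or b"Proc-Type: 4,ENCRYPTED" in data
    if ssh:
        family = "ssh"
    elif labels:
        family = "pem"
    elif data[:1] == b"\x30":
        family = "der"  # binary ASN.1 SEQUENCE: DER certificate or PKCS#12 bundle, not told apart here
    else:
        family = "unknown"
    return {
        "family": family, "ssh_material": ssh, "pem_labels": labels,
        "needs_passphrase": encrypted,
        # TLS client authentication needs the certificate and its private key together.
        "cert_and_key_present": family == "pem" and has_cert and has_key,
    }

# Constructed samples: real header lines, placeholder bodies.
PPK = b"PuTTY-User-Key-File-3: ssh-rsa\nEncryption: none\nComment: constructed\n"
PEM_PAIR = (b"-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n"
            b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n(placeholder)\n-----END ENCRYPTED PRIVATE KEY-----\n")
PEM_PUBLIC_ONLY = b"-----BEGIN PUBLIC KEY-----\n(placeholder)\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    for name, blob in [("ppk", PPK), ("pem pair", PEM_PAIR), ("public only", PEM_PUBLIC_ONLY)]:
        print(name, classify(blob))
```

A file reported as `ssh` has to be replaced by an X.509 certificate and key issued for the server in question, and a `pem` file with only `PUBLIC KEY` or only a private key is missing half of what client authentication needs.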
