
Wildcard SSL cert is "untrusted" by FTP client

csea @ Tue Aug 12 13:15:39 EEST 2014
We've successfully configured CrushFTP 6.5.0 to use FTP/SSL, and we have a valid Wildcard certificate issued by Thawte. However, WS_FTP and FileZilla both report that "the certificate supplied by the server was not issued by a Trusted Authority."

The PFX certificate is configured in the global Encryption settings (SSL / Keystore Location) and it works fine over HTTPS.

Do you have any suggestions for getting the cert to be trusted? Thanks.

spinkb @ Tue Aug 12 14:43:33 EEST 2014
Do they show the certificate and tell you why they don't trust it specifically?

Thanks,
Ben
csea @ Tue Aug 12 15:00:57 EEST 2014
The dialog displays the proper information about the certificate, but does not allow the certificate itself to be viewed. See image below. And the only reason given is that it was "not issued by a Trusted Authority."

http://www.calcsea.org/portals/0/images/csea_ftp_nontrustedcert.jpg
spinkb @ Tue Aug 12 15:04:16 EEST 2014
That is just saying your client doesn't trust the issuer of the cert. Nothing wrong in CrushFTP. It's a client issue.

A newer version for the client might have a newer trust CA certificates DB and trust it.

Thanks,
Ben
csea @ Tue Aug 12 15:30:50 EEST 2014
OK. Thanks. We have a number of users sending us sensitive files, some of whom prefer FTP over HTTP. One is using CoreFTP, and is encountering the same trust issue.

Is there a CrushFTP config you could suggest for avoiding any trust-related messages for FTP clients? Would enabling SSH FTP be the answer?
spinkb @ Tue Aug 12 16:07:09 EEST 2014
SFTP still requires the user to trust the server one time, but after that it will work without asking with most clients.

SSL is supposed to be the answer to that, but only if clients implement it correctly... and you enter the DNS into the FTP client and not the IP.

Thanks,
Ben
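
The two client-side failure reasons discussed in this thread (issuer not trusted, and connecting by IP instead of the DNS name on a wildcard cert) can be told apart with a short probe. This is an added example, not part of the original posts or of CrushFTP; the function names and the host `ftp.example.org` are hypothetical, and the probe uses the local machine's trust store, which may differ from the one a given FTP client ships.

```python
import ftplib
import ipaddress
import ssl
import sys

# OpenSSL X509_V_ERR_* codes, grouped by what the client's warning means.
ISSUER_CODES = {2, 18, 19, 20, 21}  # issuer missing from chain/trust store, or self-signed
NAME_CODES = {62, 64}               # hostname or IP address not covered by the certificate

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def wildcard_covers(pattern, host):
    """Full-label wildcard only: '*' stands for exactly one left-most label, never an IP."""
    if is_ip(host):
        return False
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def classify(verify_code):
    if verify_code in ISSUER_CODES:
        return "issuer-not-trusted"
    if verify_code in NAME_CODES:
        return "name-mismatch"
    return "other"

def probe_ftps(host, port=21, timeout=10):
    """Explicit FTPS (AUTH TLS) handshake verified against the local trust store."""
    ftp = ftplib.FTP_TLS(context=ssl.create_default_context(), timeout=timeout)
    try:
        ftp.connect(host, port)
        ftp.auth()  # TLS handshake happens here, checked against the name in `host`
        return "trusted", "chain and name verified"
    except ssl.SSLCertVerificationError as e:
        return classify(e.verify_code), e.verify_message
    finally:
        ftp.close()

if __name__ == "__main__":
    # Usage: python probe.py ftp.example.org   (placeholder host; no args = no network)
    for target in sys.argv[1:]:
        print(target, probe_ftps(target))
```

Running the probe once with the DNS name and once with the IP shows whether a warning comes from the issuer chain or from the name the client was given.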