Page 1 of 1

New Topic, but old problem? "...error:02001003..."

Posted: 2019-09-17 14:55
by Trisklbr
First: If I'm in the wrong place to start, please forgive me. I've been beating my head on this a couple days... I am experiencing the exact issue shown here: viewtopic.php?t=49787 using the latest versions of FileZilla and OpenSSL installed on Windows Server 2016 in Azure. I'm using the same certificate files and configuration that are still working perfectly in our old environment, with only the paths modified as necessary. I do NOT expect it to be fully operational as is, but I wanted to see that the server worked before spending time on the new certificates and such. Change as little as possible at one time, you know? The thread above appeared when I copied and pasted the error into Google. It's a perfect match, but after a couple messages the thread stopped and I don't see a reference to how the 2 posters with the issue got past it. I've been trying everything I can think of or find online one piece at a time, including the couple points mentioned in the thread I'm referring to. I will be pathetically grateful for any help that anyone can provide me with. Thanks!

Re: New Topic, but old problem? "...error:02001003..."

Posted: 2019-09-17 16:02
by boco
First, it might be helpful to test with a test certificate generated by FZ Server itself. Does that certificate fail to load as well? When generating the certificate, fill in all fields, don't leave any blank. Otherwise, the cert might not work.

Are the SSL libraries included with FileZilla Server still in their original state? You can try to reinstall FZ Server, the settings are not deleted.
The account FZ Server runs under (SYSTEM by default) must have access to the certificate.

Re: New Topic, but old problem? "...error:02001003..."

Posted: 2019-09-17 17:47
by Trisklbr
I'll try it with a self-signed cert and post results in a few minutes. Thanks so much for your quick response! I'll also verify that SYSTEM has rights, but I'm pretty sure it does.

Re: New Topic, but old problem? "...error:02001003..."

Posted: 2019-09-17 18:07
by Trisklbr
Huh. Rights were fine, but... the self-signed certificate works just fine. I'll try converting the new, final certificate and applying it. What is the specific encoding that FileZilla prefers? I'm guessing PEM/base64?

Re: New Topic, but old problem? "...error:02001003..."

Posted: 2019-09-17 18:38
by boco
Yep, AFAIK, simply PEM, radix64 (aka base64) encoded.

Must be something peculiar about the current commercial certificate. Maybe a ciphersuite OpenSSL does not like? (The included libs are OpenSSL ver 1.0.2k)