FileZilla Forums

Hello I bought a Certified Multidomain SSL for my FTP Server but When I try to connect over TLS I recieve a Message :

The server certificate is unknown. Please carefully examine the certificate to ensure that the server can be trusted.

Compare the thumbprint displayed with the thumbprint of the certificate you received from your server administrator or server hosting provider. Context:

I have already certified my Windows Server IIS with the FTP certificate and I have also tried with FileZilla Server but it always gives me that message when I connect for the first time.

Does anyone know if this is normal and will it always happen the first time?

Seeing this dialog is quite normal, it tells you that the certificate in question is unknown or has issues. To continue, please compare the displayed fingerprint with a reference fingerprint you have obtained over a secure channel from the server administrator. Only if the fingerprints match can you continue.

Second issue: The certificate hasn't been issued with the Hostname you use to connect, but a different one. The mismatch is outlined in the red warning.

Thanks for the information. But I need to confirm that the certificate is still valid and has the fingerprint just like the server. Will the message in Filezilla always appear?
In what scenarios does the message that the certificate is unknown not appear?
According to my theory, since it is a server in a private cloud, what happens is that it lacks security schemes to be able to validate the certificate and for it to be provided by the entity that provides the web hosting service, for example. That is, if I create an FTP server in CPANEL, for example, the message no longer appears.
I hope your help.

boco wrote: ↑

2024-04-08 22:46

Second issue: The certificate hasn't been issued with the Hostname you use to connect, but a different one. The mismatch is outlined in the red warning.

"I have already overcome that problem but the unknown certificate message warning still appears as WARNING when connecting the FILEZILLA client for the first time."

By default, FileZilla will not use the OS Trust Store. Thus, every new certificate it encounters will be unknown at first. After you made sure the server's fingerprint displayed is the same as the one you got from the server admin over a secure channel (the "how" is up to you), you can click the first checkbox and you won't be bothered again, for that certificate, on that machine.

On the other hand, you could enable the system's Trust Store in the settings. Then, if your OS knows about a certificate and trusts it, FileZilla won't ask at all. Of course, then you're at mercy of the OS makers and the Trust industry mafia.

Thank you, so what do you recomend me?
Should I purchase an ftp service on a web hosting like cpanel so I can not receive that message?

No matter what service you buy, FileZilla will always display an "Unknown certificate" dialog upon first connection, because the certificate is not known to it (it's called TOFU - Trust On First Use).

If you don't want to see the messages for commercially bought certificates, you must enable the "Use system trust store to validate TLS certificates" option.

Thanks you.

I try to setting up my FilezCilla and try again.