Page 1 of 2

Unknown Certificate for commercial SSL certificate

Posted: 2012-06-25 07:20
by jm888
FileZilla Client version: 3.5.3

FileZilla Server version: 0.9.37
It is using a GoDaddy issued SSL certificate (in PEM format) in "SSL/TLS settings". And the server loads the private key file and certificate file fine.

However, the FileZilla client prompts with "Unknown certificate".

It lists 3 certificates in chain:
0 is my domain certificate.
1 is "Go Daddy Secure Certification Authority". (intermediate cert?)
2 is "The Go Daddy Group, nc." (root cert?)

Is it true that FileZilla client will always display the prompt "Unknown certificate", even for trusted CA (e.g. "Go Daddy Class 2 Certification Authority")?

Thanks,
James

Re: Unknown Certificate for commercial SSL certificate

Posted: 2012-06-25 14:06
by boco
Is it true that FileZilla client will always display the prompt "Unknown certificate", even for trusted CA (e.g. "Go Daddy Class 2 Certification Authority")?
Correct.

Re: Unknown Certificate for commercial SSL certificate

Posted: 2012-06-25 16:27
by botg
How should FileZilla know the certificate is trusted, if not by asking the user first?

Re: Unknown Certificate for commercial SSL certificate

Posted: 2012-07-11 19:07
by bilal604
do we have any line by fileZilla for this that the error will be disabled for unknown certificate ?

Re: Unknown Certificate for commercial SSL certificate

Posted: 2012-07-11 21:00
by boco
FileZilla will always ask, no way around that. Once the user selects to perpetually trust this certificate (s)he won't be asked again for this one. Note that invalid (e. g. expired) certificates cannot be trusted permanently, the option is disabled in this case.

Re: Unknown Certificate for commercial SSL certificate

Posted: 2012-07-12 14:58
by bilal604
Means do we have any link on filezella website said the same ?

Re: Unknown Certificate for commercial SSL certificate

Posted: 2012-07-12 20:28
by botg
This is part of the FileZilla website.

Re: Unknown Certificate for commercial SSL certificate

Posted: 2013-02-05 07:49
by jm888
This is more of a suggestion for user experience.

How about renaming "Unknown Certificate" to "Certificate Review"?
"This server's certificate is unknown" can be replaced by "You haven't accepted this server's certificate for future sessions."

Users get alarmed when they see "Unknown Certificate" and "This server's certificate is unknown". These messages seem to suggest that Filezilla won't show that warning with "known" certificates. Admins keep thinking they can tweak the SSL certificate or configure the FTP server to avoid that warning.

I believe that by not using the word "unknown", it would avoid support questions.

BTW, FileZilla (client and server) rock!

Re: Unknown Certificate for commercial SSL certificate

Posted: 2013-02-05 13:22
by boco
These messages seem to suggest that Filezilla won't show that warning with "known" certificates.
FileZilla doesn't know any certificates by default. Remember, it does not use use the OS certificate store at all. Thus the word ''unknown'' is factually correct.
Many users seem to take it as kind of a browser (which uses the store), but it is clearly not.

Re: Unknown Certificate for commercial SSL certificate

Posted: 2013-08-27 20:28
by friesen
This definitely needs changing. This is one of those things that might have good reasoning behind it, but the "unknown" has to go.

Re: Unknown Certificate for commercial SSL certificate

Posted: 2013-08-28 19:29
by botg
Why? If it's unknown, how should it be trusted without the user's consent?

Re: Unknown Certificate for commercial SSL certificate

Posted: 2013-08-28 19:34
by friesen
It needs to be reworded. The average user will have about 10 red flags in his mind, when its really a "fault" of filezilla for not checking any certificates in the first place.

Something like "This certificate may or may not be valid, filezilla does not check certificates for validity, please review" etc etc.

Re: Unknown Certificate for commercial SSL certificate

Posted: 2013-08-28 19:43
by boco
"Please verify and confirm that you trust the following certificate. That's one of the few things FileZilla can't do for you. Thanks."

Re: Unknown Certificate for commercial SSL certificate

Posted: 2013-08-29 06:13
by botg
Sounds good.

Re: Unknown Certificate for commercial SSL certificate

Posted: 2013-09-07 08:18
by santafilm
is it solved?
i want to make my website ssl.does it word?