Page 1 of 1
The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted.
Posted: 2017-06-21 14:39
by daryl.hill
We are currently using FileZilla 3.26.2 to connect to one of our FTP sites, and we get the error "The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted." The encryption setting is the default "Use explict FTP over TLS if available", if we use "Only use plain FTP (insecure)" it works without throwing up the certificate error.
Now the interesting thing is, if we use something like FireFTP and use the security setting "Auth SSL (Better)", which I believe uses the same protocols as FileZilla's "Use explict FTP over TLS if available", we don't get any certificate errors at all and it connects straight away.
Is there anyway to get round this problem with FileZilla at all?
Re: The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted
Posted: 2017-06-21 21:17
by boco
It is neither an error nor a problem. FileZilla just doesn't use the OS certificate store (which might become compromised), instead, it follows the TOFU model (TOFU = Trust On First Use).
That means, at least upon first contact to every new server, you will get that popup, to carefully check and verify the certificate. If you trust it, click the button (+check the box for permanent trust). With permanent trust, you won't be bothered again for that exact certificate until it expires.
Re: The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted
Posted: 2022-11-29 12:37
by b9chris
Maybe 1 person ever is going to actually "carefully check and verify the certificate." And it's probably just so they can sneer on an online forum and say others should do it. Or maybe even they have never done it and the number is 0.
If the OS cert store were to become compromised, that would leave you with far greater problems than "Does my Filezilla connect without bugging me?"
Re: The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted
Posted: 2022-11-29 15:05
by boco
And you necro a five-year old thread, without checking dates, and without checking if the option is available in the meantime? Because it is.
The main reason for that whole certificate chaos is that the system is fundamentally flawed. Real trust cannot be bought with money, it needs to be built or earned. The only reason websites buy certificates from CAs is to make the browsers shut up and load the site without complaining.