The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted.

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
daryl.hill
500 Command not understood
Posts: 1
Joined: 2017-06-21 14:32
First name: Daryl
Last name: Hill

The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted.

#1 Post by daryl.hill » 2017-06-21 14:39

We are currently using FileZilla 3.26.2 to connect to one of our FTP sites, and we get the error "The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted." The encryption setting is the default "Use explict FTP over TLS if available", if we use "Only use plain FTP (insecure)" it works without throwing up the certificate error.

Now the interesting thing is, if we use something like FireFTP and use the security setting "Auth SSL (Better)", which I believe uses the same protocols as FileZilla's "Use explict FTP over TLS if available", we don't get any certificate errors at all and it connects straight away.

Is there anyway to get round this problem with FileZilla at all?

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted

#2 Post by boco » 2017-06-21 21:17

It is neither an error nor a problem. FileZilla just doesn't use the OS certificate store (which might become compromised), instead, it follows the TOFU model (TOFU = Trust On First Use).

That means, at least upon first contact to every new server, you will get that popup, to carefully check and verify the certificate. If you trust it, click the button (+check the box for permanent trust). With permanent trust, you won't be bothered again for that exact certificate until it expires.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

b9chris
500 Command not understood
Posts: 1
Joined: 2022-11-29 12:34
First name: Chris
Last name: M

Re: The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted

#3 Post by b9chris » 2022-11-29 12:37

Maybe 1 person ever is going to actually "carefully check and verify the certificate." And it's probably just so they can sneer on an online forum and say others should do it. Or maybe even they have never done it and the number is 0.

If the OS cert store were to become compromised, that would leave you with far greater problems than "Does my Filezilla connect without bugging me?"

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted

#4 Post by boco » 2022-11-29 15:05

And you necro a five-year old thread, without checking dates, and without checking if the option is available in the meantime? Because it is.

The main reason for that whole certificate chaos is that the system is fundamentally flawed. Real trust cannot be bought with money, it needs to be built or earned. The only reason websites buy certificates from CAs is to make the browsers shut up and load the site without complaining.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

Post Reply