Expired Server Certificate - Can't Check the Trust Boxes
Moderator: Project members
Re: Expired Server Certificate - Can't Check the Trust Boxes
Topic may not be new, but first of all, it may not be always possible to get certificate upgraded, so that means clicking alot.
Secondly, I think it is users who should decide if certificate is trusted or not... i think there should be option to allow to trust expired certificates. No need for parenting here I think.
Third, and last: You can bypass this problem by setting PC date back to where Certificate was valid. Then you can accept certificate and download stuff without problems.
Secondly, I think it is users who should decide if certificate is trusted or not... i think there should be option to allow to trust expired certificates. No need for parenting here I think.
Third, and last: You can bypass this problem by setting PC date back to where Certificate was valid. Then you can accept certificate and download stuff without problems.
-
- 500 Command not understood
- Posts: 1
- Joined: 2020-03-14 10:06
- First name: Federico
- Last name: Fallico
Re: Expired Server Certificate - Can't Check the Trust Boxes
It's not always possible to have a trusted certificate on specified host.
A common situation is when you have a CDN behind your server, you have to use the direct IP address of the server to use FTP, and IP-certificates are not for free (not even cheap).
Happy clicking then.
A common situation is when you have a CDN behind your server, you have to use the direct IP address of the server to use FTP, and IP-certificates are not for free (not even cheap).
Happy clicking then.
-
- 500 Command not understood
- Posts: 1
- Joined: 2020-04-14 10:58
- First name: Vodka
- Last name: Neat
Re: Expired Server Certificate - Can't Check the Trust Boxes
I'll also chip in on this as I've the same issue.
A large transfer queue will repeatedly ask me to verify an expired certificate, which makes unattended transfers impossible. Is it at least possible to get this changed so I'm only asked once per host/ transfer queue?
It's not realistic to ask any host you connect to "fix their certificate". Of course they should, but as a user that's really not your call. I feel a similar way about an ftp client, it's there to facilitate the operation, why is it making this difficult? If I wanted to validate a host I'd use a security suite, not an ftp client.
Sadly, this issue is forcing me to use different software, which is a shame after so many years of use. To be honest I appreciate the response, but don't really understand it.
A large transfer queue will repeatedly ask me to verify an expired certificate, which makes unattended transfers impossible. Is it at least possible to get this changed so I'm only asked once per host/ transfer queue?
It's not realistic to ask any host you connect to "fix their certificate". Of course they should, but as a user that's really not your call. I feel a similar way about an ftp client, it's there to facilitate the operation, why is it making this difficult? If I wanted to validate a host I'd use a security suite, not an ftp client.
Sadly, this issue is forcing me to use different software, which is a shame after so many years of use. To be honest I appreciate the response, but don't really understand it.
Re: Expired Server Certificate - Can't Check the Trust Boxes
If it concerns security, ease of use has to take the back seat.
Re: Expired Server Certificate - Can't Check the Trust Boxes
Sadly I am here because of this certificate issue as well. I spent some time explaining this issue to my hosting provider who seems to think that their cert is fine, while FileZilla says it isn't.
<Removed>
According to my hosting provider, it's acceptable to have to click ok for each file transfer to and from their server with filezilla. The option to accept the cert in filezilla is of course not selectable and as one could imagine, this process will get old very fast. That or I could buy a non-shared server since they have one cert for multiples and that is causing the issue they said?
It seems neither party wants to own up to the fact that this is an issue and should be resolved. Been using FileZilla for over 10 years now, never ran into an issue like this before.
<Removed>
According to my hosting provider, it's acceptable to have to click ok for each file transfer to and from their server with filezilla. The option to accept the cert in filezilla is of course not selectable and as one could imagine, this process will get old very fast. That or I could buy a non-shared server since they have one cert for multiples and that is causing the issue they said?
It seems neither party wants to own up to the fact that this is an issue and should be resolved. Been using FileZilla for over 10 years now, never ran into an issue like this before.
Last edited by boco on 2020-05-08 14:27, edited 1 time in total.
Reason: Removed possible advertising.
Reason: Removed possible advertising.
Re: Expired Server Certificate - Can't Check the Trust Boxes
The situation is very clear, though: A certificate that is expired is not valid any longer. Non-valid certificates must not be trusted permanently. So, your certificate issuer sold you an expired certificate? Because that's the subject of the topic at hand.
If the certificate (chain) is valid, you can check the box fine.
If the certificate (chain) is valid, you can check the box fine.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 500 Command not understood
- Posts: 1
- Joined: 2020-06-04 06:53
Re: Expired Server Certificate - Can't Check the Trust Boxes
Then why allow connecting to servers with expired certificates at all?If it concerns security, ease of use has to take the back seat.
If you're going to allow it, keeping the user's consent across the session makes sense. Or not allowing it at all makes sense too. But what's in there right now is a weird middle ground that's both insecure and not user friendly.
Re: Expired Server Certificate - Can't Check the Trust Boxes
@botg: Would it be possible to have a grace period (let's say, 30 days additional time for hosts to update) after the certificate has expired. In this time, warnings and certificate saved for session only. If the certificate is expired for longer, grey out the boxes. A yes, expired root certificates in cert chains should, of course, be deemed invalid, immediately.
Certificates that have just expired are no big danger. The danger is with the long expired or otherwise invalid/revoked ones.
Certificates that have just expired are no big danger. The danger is with the long expired or otherwise invalid/revoked ones.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org