I am testing the client with with a Syncplify server. On the server, I created a user and imported a user certificate (as well as a server cert).
I then try to connect with the client and get the warning about whether I trust the server or not. I say that I do trust the server, and then I'm in.
There is not any warning/notification about the user. I do not have any related certificate installed on the client's host computer.
What (if anything) is actually happening, and is this the correct behavior?
How does the client get configured for user certificates?
Moderator: Project members
Re: How does the client get configured for user certificates?
Yes, correct. FTP over TLS is Transport Layer Security, the server certificate is presented to the user (s)he can verify the server is what it pretends to be. TLS isn't any means of access control mechanism, e. g. you can't lock out users with it.
FileZilla follows the TOFU (Trust On First Use) model, the user decides whether to trust the server or not. No certificate store is ever used, and no OCSP/CA query ever made. The warning will always appear on connection, unless you check the box to trust this certificate perpetually. Also note, that invalid or expired certificates cannot be permanently trusted.
FTPS Client certificates are not supported.
FileZilla follows the TOFU (Trust On First Use) model, the user decides whether to trust the server or not. No certificate store is ever used, and no OCSP/CA query ever made. The warning will always appear on connection, unless you check the box to trust this certificate perpetually. Also note, that invalid or expired certificates cannot be permanently trusted.
FTPS Client certificates are not supported.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: How does the client get configured for user certificates?
Thanks, I appreciate the clear explanation.
I may have missed one crucial piece of information (too close to the problem). I am running the server with SFTP.
While not using the same software that I am, a partner vendor sent us the certificate expecting us to use it. I don't know what they are using as a client, so I should ask that.
I may have missed one crucial piece of information (too close to the problem). I am running the server with SFTP.
While not using the same software that I am, a partner vendor sent us the certificate expecting us to use it. I don't know what they are using as a client, so I should ask that.
Re: How does the client get configured for user certificates?
SFTP doesn't use certificates, SFTP uses keys. If the server uses Public key authentication, FileZilla offers inserting the required Private Key in two places:
1. In the Settings - SFTP, for global usage throughout the application, or
2. In the Site Manager with selected "Key File" Logon Type.
Note that, if you need Password + Key File, you must enter the key into the global Settings.
1. In the Settings - SFTP, for global usage throughout the application, or
2. In the Site Manager with selected "Key File" Logon Type.
Note that, if you need Password + Key File, you must enter the key into the global Settings.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: How does the client get configured for user certificates?
Well, there's this nowadays: http://cvsweb.openbsd.org/cgi-bin/cvswe ... s?rev=HEAD, but it's not supported by PuTTY and as such not by FileZilla either.
Re: How does the client get configured for user certificates?
Thanks all. I meant key, but had cert on the brain from another issue I'm working on.