TLS Handshake Error
Posted: 2018-12-06 17:06
I've set up a new FTP site in IIS 10. FTP services work perfectly when using insecure connections (FTP). When i enable SFTP, however, the FZ client can no longer connect to the IIS server. I get the exact same error message posted in this thread:
"Received certificate chain could not be verified. Verification status is 1048576."
viewtopic.php?f=2&t=45554&p=156233&hili ... 6.#p156233
The response in that thread is quite vague to me. I looked at the certificate chain on both the client and server, and they match. I have added all necessary Intermediary certs on both the client and server sides as well. When i google that error, almost nothing comes up. I'm at a loss. I've asked other admins in my department, and theyre stumped too. IIS logs are not showing anything conclusively.
Let me run through the chain of events that leads to this error:
1. IIS server is booted. SFTP is online w/ SSL Cert installed. IIS is requiring secure connections over either port 22 or 990. (any combination of ports in passive mode results in the same error.)
2. the very FIRST attempt to connect works! My FZ client session shows up in IIS under "FTP Current Sessions." That said, there's an error in the client when trying to list the contents of the shared folder on the FTP server.
3. Eventually the connection/session times out due to inactivity.
4. I try to connect again and immediately get that 1048576 error.
to summarize: Insecure FTP connections work fine. The 1st attempt to connect w/ TLS works correctly, albeit showing an error when trying to list the directory contents. Subsequent attempts to connect fail w/ error 1048576.
"Received certificate chain could not be verified. Verification status is 1048576."
viewtopic.php?f=2&t=45554&p=156233&hili ... 6.#p156233
The response in that thread is quite vague to me. I looked at the certificate chain on both the client and server, and they match. I have added all necessary Intermediary certs on both the client and server sides as well. When i google that error, almost nothing comes up. I'm at a loss. I've asked other admins in my department, and theyre stumped too. IIS logs are not showing anything conclusively.
Let me run through the chain of events that leads to this error:
1. IIS server is booted. SFTP is online w/ SSL Cert installed. IIS is requiring secure connections over either port 22 or 990. (any combination of ports in passive mode results in the same error.)
2. the very FIRST attempt to connect works! My FZ client session shows up in IIS under "FTP Current Sessions." That said, there's an error in the client when trying to list the contents of the shared folder on the FTP server.
3. Eventually the connection/session times out due to inactivity.
4. I try to connect again and immediately get that 1048576 error.
to summarize: Insecure FTP connections work fine. The 1st attempt to connect w/ TLS works correctly, albeit showing an error when trying to list the directory contents. Subsequent attempts to connect fail w/ error 1048576.