FileZilla Forums


All times are UTC




PostPosted: 2009-02-25 23:46 
500 Command not understood

Joined: 2009-02-25 22:19
Posts: 5
I've spent quite a bit of time today trying to get a commercial certificate working with FileZilla, only to conclude that FileZilla doesn't support such certificates. When you think about it, it's pretty obvious. The interface provides only for a single certificate and private key. Obviously, all commercial certificates require a CA certificate at least.

You can add the CA and Intermediate certificates to the certificate file but FileZilla will just ignore them. You can have as many Intermediate and CA certificates in the certificate file as you like but unless the FQDN Certificate is first in the file, FileZilla won't load the certificate.

I have just noticed that the latest FileZilla Client, 3.2.2.1, implicitly acknowledges this limitation by no longer displaying an error message that appeared in 2.2.18 - "The error occured [sic] at a depth of 1 in the certificate chain". Instead, it simply shows the certificate details to the user and asks them whether or not to accept it.

So, after hours of trying to get a commercial certificate to work, I've given up and gone for a self-signed one. Luckily I was using a 30 day trial one from Comodo.

BTW, I don't intend for this to be a negative post. I think FileZilla is great. I just thought I'd save anyone thinking about using a commercial certificate a lot of time!

Of course, if anyone has got a commercial certificate to work then please let me know!


 
PostPosted: 2009-02-26 00:19 
Site Admin

Joined: 2004-02-23 20:49
Posts: 22552
Is it in PEM format?


 
PostPosted: 2009-02-26 00:54 
500 Command not understood

Joined: 2009-02-25 22:19
Posts: 5
Yes, I converted them. Is there a way of getting it to work?


 
PostPosted: 2009-02-26 08:28 
Site Admin

Joined: 2004-02-23 20:49
Posts: 22552
Quote:
You can add the CA and Intermediate certificates to the certificate file but FileZilla will just ignore them. You can have as many Intermediate and CA certificates in the certificate file as you like but unless the FQDN Certificate is first in the file, FileZilla won't load the certificate.


Do you mean the client or the server here?


 
PostPosted: 2009-02-26 10:59 
500 Command not understood

Joined: 2009-02-25 22:19
Posts: 5
Quote:
Do you mean the client or the server here?


The server. The pem file has the client cert, 2 x intermediate certs and the ca root cert in that order.

I've tried swapping around the intermediate certs to no avail.

The server gives no errors loading these certs but the new FileZilla client doesn't give an error message, it just times out trying to negotiate a secure connection.


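The bundle order discussed in this thread (server certificate first, then the intermediates, then the root) can be checked before the file is loaded into a server. The script below is an added example, not part of the forum posts or of FileZilla; it relies on the `openssl` command line, and the certificate names and the `ftp.example.test` host are constructed for the demo.

```shell
# Split PEM bundle $1 into $2/cert-N.pem and print the certificate count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n + 0 }' "$1"
}

# Return 0 when each certificate is directly followed by its issuer (name match only, no signature or trust check).
check_chain_order() {
    tmp=$(mktemp -d) || return 2
    count=$(split_bundle "$1" "$tmp")
    rc=0; i=1
    [ "$count" -ge 1 ] || rc=2
    while [ "$i" -lt "$count" ]; do
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/cert-$i.pem")
        subject=$(openssl x509 -noout -subject_hash -in "$tmp/cert-$((i + 1)).pem")
        if [ "$issuer" != "$subject" ]; then
            echo "certificate $i is not issued by certificate $((i + 1))" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Constructed sample data (made-up names): issue_cert <dir> <file> <CN> <signer-file>
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2.csr" -days 1 -CA "$1/$4.pem" \
        -CAkey "$1/$4.key" -CAcreateserial -out "$1/$2.pem" 2>/dev/null
}
make_sample_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
    issue_cert "$1" int "Example Intermediate" root
    issue_cert "$1" leaf "ftp.example.test" int
    cat "$1/leaf.pem" "$1/int.pem" "$1/root.pem" > "$1/good.pem"
    cat "$1/int.pem" "$1/leaf.pem" "$1/root.pem" > "$1/bad.pem"
}

work=$(mktemp -d)
make_sample_chain "$work"
check_chain_order "$work/good.pem" && echo "good.pem: leaf first, issuers follow"
check_chain_order "$work/bad.pem" || echo "bad.pem: out of order"
rm -rf "$work"
```

A return value of 1 means at least one certificate is not followed by its issuer; 2 means the file held no certificate at all.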
 
PostPosted: 2009-02-26 11:28 
Site Admin

Joined: 2004-02-23 20:49
Posts: 22552
Odd. Try increasing the timeout value. Which server version by the way?


 
PostPosted: 2009-02-26 11:38 
500 Command not understood

Joined: 2009-02-25 22:19
Posts: 5
botg wrote:
Odd. Try increasing the timeout value. Which server version by the way?


Server is 0.9.30. I'll try increasing the timeouts. The thing is, whether I use a self-signed cert or the client commercial cert (without the rest of the chain), the client software still says "the server's certificate is unknown...".

Supposing the whole certificate chain was working on the server, would the end user still get this warning?


 
PostPosted: 2009-03-11 08:34 
500 Command not understood

Joined: 2009-03-11 08:18
Posts: 2
Hi,

bctgroup wrote:
the client software still says "the server's certificate is unknown...".

Are you using FileZilla as client software?

The reason for the question is that I have the same problem "the server's certificate is unknown" when I try to connect using FileZilla as client software (Explicit TLS/SSL). And I'm using vsftpd as an FTP server.

My certificate is from VeriSign, also using chained certificates.

So I think maybe that the problem is on the client side and not on the server side, but I'm not sure yet.

BR
graneman


Last edited by graneman on 2009-03-11 08:42, edited 1 time in total.

 
PostPosted: 2009-03-11 08:38 
500 Command not understood

Joined: 2009-02-25 22:19
Posts: 5
Yes, I'm using FileZilla as the client. See my post above about the error message having been removed from the latest version of the client.

I have gone down the self-signed route on this one.


 
PostPosted: 2009-03-11 09:47 
500 Command not understood

Joined: 2009-03-11 08:18
Posts: 2
bctgroup wrote:
Yes, I'm using FileZilla as the client. See my post above about the error message having been removed from the latest version of the client.

Ok, now I have read your post above again, and this time around I got it :-).

>I have gone down the self-signed route on this one.
I understand why.

Thank you for the information.

/graneman


 