Unknown Certificate for commercial SSL certificate

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Message
Author
jm888
500 Command not understood
Posts: 2
Joined: 2012-06-25 07:03
First name: J
Last name: M

Unknown Certificate for commercial SSL certificate

#1 Post by jm888 » 2012-06-25 07:20

FileZilla Client version: 3.5.3

FileZilla Server version: 0.9.37
It is using a GoDaddy issued SSL certificate (in PEM format) in "SSL/TLS settings". And the server loads the private key file and certificate file fine.

However, the FileZilla client prompts with "Unknown certificate".

It lists 3 certificates in chain:
0 is my domain certificate.
1 is "Go Daddy Secure Certification Authority". (intermediate cert?)
2 is "The Go Daddy Group, nc." (root cert?)

Is it true that FileZilla client will always display the prompt "Unknown certificate", even for trusted CA (e.g. "Go Daddy Class 2 Certification Authority")?

Thanks,
James

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: Unknown Certificate for commercial SSL certificate

#2 Post by boco » 2012-06-25 14:06

Is it true that FileZilla client will always display the prompt "Unknown certificate", even for trusted CA (e.g. "Go Daddy Class 2 Certification Authority")?
Correct.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Unknown Certificate for commercial SSL certificate

#3 Post by botg » 2012-06-25 16:27

How should FileZilla know the certificate is trusted, if not by asking the user first?

bilal604
500 Command not understood
Posts: 2
Joined: 2012-07-11 19:05
First name: Balal
Last name: Ahmad

Re: Unknown Certificate for commercial SSL certificate

#4 Post by bilal604 » 2012-07-11 19:07

do we have any line by fileZilla for this that the error will be disabled for unknown certificate ?

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: Unknown Certificate for commercial SSL certificate

#5 Post by boco » 2012-07-11 21:00

FileZilla will always ask, no way around that. Once the user selects to perpetually trust this certificate (s)he won't be asked again for this one. Note that invalid (e. g. expired) certificates cannot be trusted permanently, the option is disabled in this case.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

bilal604
500 Command not understood
Posts: 2
Joined: 2012-07-11 19:05
First name: Balal
Last name: Ahmad

Re: Unknown Certificate for commercial SSL certificate

#6 Post by bilal604 » 2012-07-12 14:58

Means do we have any link on filezella website said the same ?

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Unknown Certificate for commercial SSL certificate

#7 Post by botg » 2012-07-12 20:28

This is part of the FileZilla website.

jm888
500 Command not understood
Posts: 2
Joined: 2012-06-25 07:03
First name: J
Last name: M

Re: Unknown Certificate for commercial SSL certificate

#8 Post by jm888 » 2013-02-05 07:49

This is more of a suggestion for user experience.

How about renaming "Unknown Certificate" to "Certificate Review"?
"This server's certificate is unknown" can be replaced by "You haven't accepted this server's certificate for future sessions."

Users get alarmed when they see "Unknown Certificate" and "This server's certificate is unknown". These messages seem to suggest that Filezilla won't show that warning with "known" certificates. Admins keep thinking they can tweak the SSL certificate or configure the FTP server to avoid that warning.

I believe that by not using the word "unknown", it would avoid support questions.

BTW, FileZilla (client and server) rock!

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: Unknown Certificate for commercial SSL certificate

#9 Post by boco » 2013-02-05 13:22

These messages seem to suggest that Filezilla won't show that warning with "known" certificates.
FileZilla doesn't know any certificates by default. Remember, it does not use use the OS certificate store at all. Thus the word ''unknown'' is factually correct.
Many users seem to take it as kind of a browser (which uses the store), but it is clearly not.
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

friesen
500 Command not understood
Posts: 2
Joined: 2013-08-27 20:25
First name: Erik
Last name: Friesen

Re: Unknown Certificate for commercial SSL certificate

#10 Post by friesen » 2013-08-27 20:28

This definitely needs changing. This is one of those things that might have good reasoning behind it, but the "unknown" has to go.

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Unknown Certificate for commercial SSL certificate

#11 Post by botg » 2013-08-28 19:29

Why? If it's unknown, how should it be trusted without the user's consent?

friesen
500 Command not understood
Posts: 2
Joined: 2013-08-27 20:25
First name: Erik
Last name: Friesen

Re: Unknown Certificate for commercial SSL certificate

#12 Post by friesen » 2013-08-28 19:34

It needs to be reworded. The average user will have about 10 red flags in his mind, when its really a "fault" of filezilla for not checking any certificates in the first place.

Something like "This certificate may or may not be valid, filezilla does not check certificates for validity, please review" etc etc.

User avatar
boco
Contributor
Posts: 26899
Joined: 2006-05-01 03:28
Location: Germany

Re: Unknown Certificate for commercial SSL certificate

#13 Post by boco » 2013-08-28 19:43

"Please verify and confirm that you trust the following certificate. That's one of the few things FileZilla can't do for you. Thanks."
### BEGIN SIGNATURE BLOCK ###
No support requests per PM! You will NOT get any reply!!!
FTP connection problems? Please do yourself a favor and read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
### END SIGNATURE BLOCK ###

User avatar
botg
Site Admin
Posts: 35491
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Unknown Certificate for commercial SSL certificate

#14 Post by botg » 2013-08-29 06:13

Sounds good.

santafilm
500 Command not understood
Posts: 1
Joined: 2013-09-07 07:41
First name: santa
Last name: film

Re: Unknown Certificate for commercial SSL certificate

#15 Post by santafilm » 2013-09-07 08:18

is it solved?
i want to make my website ssl.does it word?
<Removed advertisement>

Post Reply