I run a website that uses IIS 10's FTP server and I have it setup to use Explicit FTP over TLS and it's worked great for the last year+. I bought the server certificate through Digicert.
The server certificate expired on 2019-01-04. I renewed the certificate at Digicert, one that is good through 2021. I then installed it on the Windows server, and updated the FTP site to use the new certificate.
However, when I try connecting with FileZilla Client, the log reports the following:
Code: Select all
Status: Connecting to xxx.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
If I click Ok, it continues, but then it says: Primary connection and data connection certificates don't match.
Here's the log following the "Initializing TLS..."
Code: Select all
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I.
Command: PASV
Response: 227 Entering Passive Mode (38,101,199,155,19,46).
Command: LIST
Response: 150 Opening BINARY mode data connection.
Error: Primary connection and data connection certificates don't match.
Error: Transfer connection interrupted: ECONNABORTED - Connection aborted
Response: 226 Transfer complete.
Error: Failed to retrieve directory listing
Status: Disconnected from server: ECONNABORTED - Connection aborted
If I update the IIS FTP server to use the OLD certificate and retry connecting, I get the same expired certificate warning on Initializing TLS, but then when I click Ok it connects and I can transfer files without issue (albeit, I have to confirm that the certificate is expired every transfer).
What's going on here? Is FileZilla Client caching the Initializing TLS certificate? I've tried deleting the trustedcerts.xml file, but that didn't make any difference.
There is just one setting for the FTP SSL Certificate in IIS, so I don't think it's a server-side issue.
Thanks