Admin TLS Certificate Expired
Moderator: Project members
Admin TLS Certificate Expired
FileZilla server stopped last night. Downloaded and installed x64 nightly build, 2022-11-21.
Noticed that at least one FTP client no longer had the correct password.
Also noticed that apparently the Administration TLS Certificate has Expired:
Noticed that at least one FTP client no longer had the correct password.
Also noticed that apparently the Administration TLS Certificate has Expired:
- Attachments
-
- expired.JPG (16 KiB) Viewed 19403 times
Re: Admin TLS Certificate Expired
If the certificate is expired, you must generate/provide a new one.
Re: Admin TLS Certificate Expired
Oh, dear me. Have installed Filezilla Server several times, and have no memory of creating a TLS certificate.
Had hoped that installing the "nightly build" would avoid the question, "have you installed the latest version?"
Thought I was being helpful.
Perhaps installing 1.5.1 will result in an acceptable TLS certificate?
Had hoped that installing the "nightly build" would avoid the question, "have you installed the latest version?"
Thought I was being helpful.
Perhaps installing 1.5.1 will result in an acceptable TLS certificate?
Re: Admin TLS Certificate Expired
The certificate is created and self-signed the first time the server installed. If that's good enough for you, you don't have to do anything until it expires. Then, you must either create a new self signed one or provide your own.
You can do that in the configuration window itself, under Administration/Connection Security.
Installing a new version of FileZilla Server will not help, as long as the old certificate is still referenced by the configuration.
You can do that in the configuration window itself, under Administration/Connection Security.
Installing a new version of FileZilla Server will not help, as long as the old certificate is still referenced by the configuration.
Re: Admin TLS Certificate Expired
Thanks. Have done so. What a coincidence that I would install a nightly build for the first time on the exact day that the SSL certificate expired.
Re: Admin TLS Certificate Expired
Validity is 365 days. Out of Interest, I checked my server, too, upon reading this topic, and, lo-and-behold, I had only four days left.
@botg @oibaf: Could you announce the nearing expiration of either certificate a bit earlier in the GUI? Like 14 days or so...
Additionally, it might even be possible to automagically present the appropriate dialog for renewing the certificate when you open the GUI with an expired one (exception: when using Let's Encrypt).
@botg @oibaf: Could you announce the nearing expiration of either certificate a bit earlier in the GUI? Like 14 days or so...
Additionally, it might even be possible to automagically present the appropriate dialog for renewing the certificate when you open the GUI with an expired one (exception: when using Let's Encrypt).
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Admin TLS Certificate Expired
(Display even more ignorance....)
Is there something magic (or required) about a one year (365 day) expiration? Why not make it 20 years?
Is there something magic (or required) about a one year (365 day) expiration? Why not make it 20 years?
Re: Admin TLS Certificate Expired
Because that would be bad practice.Why not make it 20 years?
A one year validity is certainly a compromise between security, control and effort with renewing. Take a very short validity period, and you have maximum security and control over the certificate, but the constant renewing would become a nuisance, quickly. Let's Encrypt's certificates have a validity of 90 days but are mostly renewed automatically by scripts or tools (this very website is no exception).
It may be very convenient to use a certificate with a very long or even infinite validity period, as you would not need to renew it for a long time, or never. But such a certificate is very bad, especially if it leaks to the public. Then, it becomes a big problem, as anyone could just pretend to be you. Sure, there are revocation mechanisms, but they could be deliberately ignored. For this reason, such a cert would haunt you virtually forever.
Back to FileZilla Server's one year validity. Sure, it's self-signed, but nevertheless a certificate which authenticates the server (admin cert) or you (server cert). Should the server cert leak, it cannot be abused after the validity ends, only the validity end date renders a certificate truly useless. And the admin cert? Well, you are supposed to change your passwords regularly, the same is true for the certificates. It only takes a few seconds.
Note, you can always create a certificate with a longer validity outside of FileZilla Server, it will be honored if imported. I'm using OpenSSL for generating an elliptic curve certificate to match FileZilla Server's, but with a validity of two years. Not that hard.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Admin TLS Certificate Expired
Great explanation. Thanks.
Re: Admin TLS Certificate Expired
I cannot let this stand uncorrected: The certificate is public information, it gets sent to the peer during every handshake. Each certificate, alongside other information contains a public key. All this data is then included in a signature which can be verified with the signer's public key. In case of a self-signed certificate, the public key asserted by the certificate and the signer' public key are the same.Should the server cert leak
The secrets that must not be leaked are the private key the certificate asserts and, in the general case each signer's private key.
Re: Admin TLS Certificate Expired
Yes, I meant the complete certificate information leaking (including the private part, the public one is public knowledge), as has happened in the past with various certs from various registrars.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Admin TLS Certificate Expired
Hey Guys, I'm having a very hard time here, I know I'm probably just missing something. Whenever I open the admin interface, I get an error message "The TLS Certificates for the following protocols have expired: Administration." I went into the admin panel and generated a new cert and as you can see, the self signed cert is generated and the expiration date is 02/15/2025. However when I hit apply it still tells me the cert is expired. I must be missing something simple here, or some sort of step, I don't know about. To my knowledge older versions of FZ Server, as soon as you generated the new self signed cert, it would just start using it.
I have attached screenshots, hope someone can help. Thanks in advance.
I have attached screenshots, hope someone can help. Thanks in advance.
Re: Admin TLS Certificate Expired
From your screenshots, you have renewed the wrong certificate. The one you need to renew is on the "Administration" sub page, "Connection security" tab.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Admin TLS Certificate Expired
That was it! Thank you Boco, i knew I was missing something simple. I'm still not use to the new interface
-
- 504 Command not implemented
- Posts: 7
- Joined: 2023-03-07 10:35
- First name: Cyril
- Last name: Marion
Re: Admin TLS Certificate Expired
Boko thank you !
One who knows is better than 10 who search
One who knows is better than 10 who search