Just an update to close the thread: the hosting company has changed
their server setup to include the intermediate CA certificates in
addition to the server certificates. I can now confirm that the
certificate chain is indeed visible when connecting with lftp (in
debug mode), and certificate verifi
I've contacted the hosting company. Thank you so much for
troubleshooting this issue, and helping me understand certificate
verification better!
Naël
On Tue, Mar 21, 2017 at 1:37 PM, Alexander V. Lukyanov wrote:
> On Mon, Mar 20, 2017 at 11:49:46PM +0100, Daniel Fazekas wrote:
>> On Mar 20, 2017
On Mon, Mar 20, 2017 at 11:49:46PM +0100, Daniel Fazekas wrote:
> On Mar 20, 2017, at 14:55, Nathanaël Naeri wrote:
> > Is that an issue that this hosting company could do something about? I
> > can ask their sysadmins for help.
>
> It's a common setup mistake to make for server admins that they o
@Alexander:
Sure, SERVER=pool222, and other numbers would probably work I suppose.
I originally assumed it was irrelevant since CN=*.seedbox.fr but
apparently it's not without importance.
The error happens when I run the first "ls" command (lftp 4.7.7 w/
GnuTLS 3.5.10):
$ ./lftp
lftp :~> debug
l
On Mar 20, 2017, at 14:55, Nathanaël Naeri wrote:
> Is that an issue that this hosting company could do something about? I
> can ask their sysadmins for help.
It's a common setup mistake to make for server admins that they only add the
server certificate to their configuration. Normally you also
Does the "Not trusted" error happen just after connecting or when doing the
data connection? Can you provide at least the server name?
Mon, Mar 20, 2017 at 16:55, Nathanaël Naeri:
> It appears that "open -d https://www.seedbox.fr" works indeed
> ("Trusted", certificate chain printed out as in
It appears that "open -d https://www.seedbox.fr" works indeed
("Trusted", certificate chain printed out as in your previous
message), but "open -d -p 21 -u USER,PASS SERVER.seedbox.fr" doesn't
("Certificate verification: Not trusted", same output as reported in
my first message).
Using lftp 4.7.7
Thank you for your answer. I have updated my version of GnuTLS to
3.5.10 and compiled lftp 4.7.7 against it. The resulting "./lftp
--version" shows "Libraries used: Readline 6.3, Expat 2.1.0, GnuTLS
3.5.10, zlib 1.2.8". Yet the error I reported in my first message
remains: "Certificate verification
I can't reproduce the problem. Here is what I get with OpenSSL 1.0.2k:
Certificate depth: 3; subject: /C=SE/O=AddTrust AB/OU=AddTrust External TTP
Network/CN=AddTrust External CA Root; issuer: /C=SE/O=AddTrust AB/OU=AddTrust
External TTP Network/CN=AddTrust External CA Root
Certificate depth: 2;
PS: The certificate chain that I can follow manually using OpenSSL is
different than that shown by my browser (Firefox > Page Info). I don't
know why that is. It goes as follows:
AddTrust External CA Root
COMODO RSA AddTrust CA
COMODO RSA Organization Validation Secure Server CA
*.seedb
Thanks for your answer. I have checked that Comodo's root CA
certificate is present in the certificate bundle file, however
Comodo's intermediate CA certificate (that signed the server's
certificate) isn't, as is normal if I understand correctly.
The certificate hierarchy is as follows (as shown by
Your understanding of CA is correct. The Comodo certificate should be
present in the CA bundle for the verification to succeed.
Sun, Mar 12, 2017, 5:16 Nathanaël Naeri:
> I'm trying to connect to a FTP server that supports explicit FTPS
> using TLS, but I can't get certificate verification worki