Filezilla client SSL trust

A

amnixed

Gentlemen,

When connecting to my FreeBSD 12/pure-ftpd server, the Filezilla client correctly displays the installed Comodo wildcard certificate, but does not trust it. The .pem file in the pure-ftpd was concatenated as:

cat server.key comodo.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > pure-ftpd.pem

Talking to Comodo I was told that it isn't just Comodo SSL the Filezilla client does not trust, but the Filezilla client does not trust SSL certs from any CA (??)

Does anyone happen to have a pure-ftpd/Comodo SSL configuration trusted by the Filezilla client?
 
Thank you for replying - Yes, SirDice, it's installed.

I don't see any clue in the Filezilla client log:

Code: 
Status:    Connecting to 10.10.10.242:21...
Status:    Connection established, waiting for welcome message...
Trace:    CFtpControlSocket::OnReceive()
Response:    220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:    [...]
Trace:    CFtpLogonOpData::ParseResponse() in state 1
Trace:    CControlSocket::SendNextCommand()
Trace:    CFtpLogonOpData::Send() in state 2
Command:    AUTH TLS
Trace:    CFtpControlSocket::OnReceive()
Response:    234 AUTH TLS OK.
Trace:    CFtpLogonOpData::ParseResponse() in state 2
Status:    Initializing TLS...
Trace:    CTlsSocketImpl::Handshake()
Trace:    CTlsSocketImpl::ContinueHandshake()
Trace:    TLS handshake: About to send CLIENT HELLO
Trace:    TLS handshake: Sent CLIENT HELLO
Trace:    CTlsSocketImpl::OnSend()
Trace:    CTlsSocketImpl::OnRead()
Trace:    CTlsSocketImpl::ContinueHandshake()
Trace:    CTlsSocketImpl::OnRead()
Trace:    CTlsSocketImpl::ContinueHandshake()
Trace:    TLS handshake: Received SERVER HELLO
Trace:    TLS handshake: Processed SERVER HELLO
Trace:    CTlsSocketImpl::OnRead()
Trace:    CTlsSocketImpl::ContinueHandshake()
Trace:    CTlsSocketImpl::OnRead()
Trace:    CTlsSocketImpl::ContinueHandshake()
Trace:    TLS handshake: Received CERTIFICATE
Trace:    TLS handshake: Processed CERTIFICATE
Trace:    TLS handshake: Received SERVER KEY EXCHANGE
Trace:    TLS handshake: Processed SERVER KEY EXCHANGE
Trace:    TLS handshake: Received SERVER HELLO DONE
Trace:    TLS handshake: Processed SERVER HELLO DONE
Trace:    TLS handshake: About to send CLIENT KEY EXCHANGE
Trace:    TLS handshake: Sent CLIENT KEY EXCHANGE
Trace:    TLS handshake: About to send FINISHED
Trace:    TLS handshake: Sent FINISHED
Trace:    CTlsSocketImpl::OnRead()
Trace:    CTlsSocketImpl::ContinueHandshake()
Trace:    TLS handshake: Received NEW SESSION TICKET
Trace:    TLS handshake: Processed NEW SESSION TICKET
Trace:    TLS handshake: Received FINISHED
Trace:    TLS handshake: Processed FINISHED
Trace:    TLS Handshake successful
Trace:    Protocol: TLS1.2, Key exchange: ECDHE-RSA, Cipher: CHACHA20-POLY1305, MAC: AEAD
Status:    Verifying certificate...
Error:    Remote certificate not trusted.
 
I meant to ask if it was installed on the client. The package contains the CA root certificates you need in order to verify registered SSL certificates.
 
SirDice, it is installed. I was told on the FileZilla board that FileZilla employs the "Trust On First Use" model.

Thanks for your help!
 
You must log in or register to reply here.
Back
Top