Certificate error when trying to upload a file

Question

Certificate error when trying to upload a file

asked Jan 26, 2013 in .NET FTP by Teknologist (540 points)

I get the following error when trying to upload a file using SFTP:

INFO [LicenseProperties] 25 Jan 2013 14:54:44.750 : Licence expiry date: 12/31/9999
INFO [LicenseProperties] 25 Jan 2013 14:54:44.751 : Production license
DEBUG [SSLFTPClient] 25 Jan 2013 14:54:44.752 : Connecting to ftp.ftpserver.com:990
DEBUG [SSLFTPControlSocket] 25 Jan 2013 14:54:44.758 : waitOnShutdownSSL=True
DEBUG [HostNameResolver] 25 Jan 2013 14:54:44.772 : Resolving ftp.ftpserver.com
DEBUG [HostNameResolver] 25 Jan 2013 14:54:44.777 : Obtained 1 addresses
DEBUG [HostNameResolver] 25 Jan 2013 14:54:44.778 : IP address: 100.195.83.100
DEBUG [HostNameResolver] 25 Jan 2013 14:54:44.778 : ftp.ftpserver.com resolved to 100.195.83.100
DEBUG [ExFTPControlSocket] 25 Jan 2013 14:54:44.779 : Connecting directly to ftp-server ftp.ftpserver.com:990
INFO [SSLFTPSocket] 25 Jan 2013 14:54:44.781 : Connecting to 100.195.83.100:990 with timeout 120000 ms
DEBUG [SSLFTPControlSocket] 25 Jan 2013 14:54:44.840 : Beginning Tls1 handshake.
DEBUG [SocketController] 25 Jan 2013 14:54:45.035 : Processing hello
ERROR [SocketController] 25 Jan 2013 14:54:45.371 : OnReceive - caught exception - closing
ERROR [SocketController] 25 Jan 2013 14:54:45.371 : EnterpriseDT.Mentalis.Security.Ssl.Shared.SslHandshakeException: The certificate could not be verified: UntrustedRoot - A certification chain processed correctly but terminated in a root certificate not trusted by the trust provider.
ERROR [SocketController] 25 Jan 2013 14:54:45.371 :    at GYvvnpfaXCLkGwjyY4.TxPqk3kvwZT41AXX41.LeX4dwiOYH(vLyDIXT8rKwASe1Pnmi , Boolean )
ERROR [SocketController] 25 Jan 2013 14:54:45.371 :    at GYvvnpfaXCLkGwjyY4.TxPqk3kvwZT41AXX41.BIy4TAUS8D(CdieaoTBvjSF8Pwkb9x , Boolean )
ERROR [SocketController] 25 Jan 2013 14:54:45.371 :    at tug4vRevjtgUy5G6h2.NMqZXat7dNDwhlwrZE.ProcessMessage(CdieaoTBvjSF8Pwkb9x )
ERROR [SocketController] 25 Jan 2013 14:54:45.371 :    at GYvvnpfaXCLkGwjyY4.TxPqk3kvwZT41AXX41.vyS4YRyoWd(NdP473heJXe1xfvOcay )
ERROR [SocketController] 25 Jan 2013 14:54:45.371 :    at VDkGUjmV0kfSA355rVt.u3yKcbmvl8TEeHTHLxQ.SlARmlhCk9(Byte[] , Int32 , Int32 )
ERROR [SocketController] 25 Jan 2013 14:54:45.371 :    at RQvgKYhg8LQCZPHlh4P.dPeHj2hJtYJpimvWDmx.LFWiPGOGNS(Byte[] , Int32 , Int32 )
ERROR [SocketController] 25 Jan 2013 14:54:45.371 :    at RQvgKYhg8LQCZPHlh4P.dPeHj2hJtYJpimvWDmx.IT7imQbMg3(Byte[] , Int32 , Int32 )
ERROR [SocketController] 25 Jan 2013 14:54:45.371 :    at YDYCDBWDPaUPKgZT3SG.lK6vxkWed310ncX86nN.akJuSW6oTi(IAsyncResult )
DEBUG [SocketController] 25 Jan 2013 14:54:45.508 : CloseConnection(e=The certificate could not be verified: UntrustedRoot - A certification chain processed correctly but terminated in a root certificate not trusted by the trust provider.)
DEBUG [SocketController] 25 Jan 2013 14:54:45.509 : Shut down socket
DEBUG [SocketController] 25 Jan 2013 14:54:45.513 : Closed socket

The application that I am using the library in has been up and running for quite a while now. The only difference is we just upgraded the production machine to a new Windows 7 Pro 64 bit machine from a WIndows XP Pro 32 bit OS. The server is a server that I do not control and if I run the application on my dev machine it uploads the files perfectly. Below is the log from my dev machine.

INFO [LicenseProperties] 28 Nov 2012 12:25:38.659 : Production license
DEBUG [SSLFTPClient] 28 Nov 2012 12:25:38.660 : Connecting to ftp.ftpserver.com:990
DEBUG [SSLFTPControlSocket] 28 Nov 2012 12:25:38.662 : waitOnShutdownSSL=True
DEBUG [HostNameResolver] 28 Nov 2012 12:25:38.667 : Resolving ftp.ftpserver.com
DEBUG [HostNameResolver] 28 Nov 2012 12:25:38.682 : Obtained 1 addresses
DEBUG [HostNameResolver] 28 Nov 2012 12:25:38.683 : IP address: 100.195.83.100
DEBUG [HostNameResolver] 28 Nov 2012 12:25:38.683 : ftp.ftpserver.com resolved to 100.195.83.100
DEBUG [ExFTPControlSocket] 28 Nov 2012 12:25:38.684 : Connecting directly to ftp-server ftp.ftpserver.com:990
ALL [AsyncResult] 28 Nov 2012 12:25:38.688 : WaitOne begin: 100 0
ALL [AsyncResult] 28 Nov 2012 12:25:38.856 : Notify setting completed: null 0
ALL [AsyncResult] 28 Nov 2012 12:25:38.857 : Notify setting wait: 0
ALL [SecureSocket] 28 Nov 2012 12:25:38.858 : Notify: SecureSocket.OnConnect
ALL [AsyncResult] 28 Nov 2012 12:25:38.858 : WaitOne end: True 0
DEBUG [SSLFTPControlSocket] 28 Nov 2012 12:25:38.860 : Beginning Ssl3 handshake.
DEBUG [SecureSocket] 28 Nov 2012 12:25:38.861 : Changing protocol to Ssl3
DEBUG [SSLFTPControlSocket] 28 Nov 2012 12:25:38.861 : Ssl3 handshake complete.
DEBUG [FTPControlSocket] 28 Nov 2012 12:25:38.862 : Setting socket timeout=120000
ALL [TransferBuffer] 28 Nov 2012 12:25:38.863 : TransferBuffer timeout=120000
ALL [SocketController] 28 Nov 2012 12:25:38.864 : SocketController timeout=120000
ALL [SecureSocket] 28 Nov 2012 12:25:38.865 : SecureSocket timeout=120000
ALL [TransferBuffer] 28 Nov 2012 12:25:38.865 : TransferBuffer timeout=120000
ALL [SocketController] 28 Nov 2012 12:25:38.866 : SocketController timeout=120000
DEBUG [SocketController] 28 Nov 2012 12:25:38.928 : Processing hello
ALL [SecureSocket] 28 Nov 2012 12:25:39.056 : SecureSocket timeout=120000
DEBUG [FTPControlSocket] 28 Nov 2012 12:25:39.058 : Command encoding=System.Text.ASCIIEncoding
DEBUG [ExFTPControlSocket] 28 Nov 2012 12:25:39.060 : Created control-socket: SocksContext=, ProxySettings=NoProxy, RemoteHost=ftp.ftpserver.com, controlPort=990, timeout=120000
DEBUG [FTPControlSocket] 28 Nov 2012 12:25:39.061 : StrictReturnCodes=False
ALL [TransferBuffer] 28 Nov 2012 12:25:39.131 : Wait begin: TransferBuffer.Read (timeout=120000)

It almost seems like My dev machine connects to the server by dns name and the production machine uses the IP address.

Any help would be greatly appreciated.

17 Answers

Page:

EDT Support · Answer 1 · 2013-01-29T02:37:18+0000

The most likely reason for this is that the server's certificate (or that of its issuer) has not been installed on the new machine. The administrators will need to do this.

- Hans (EnterpriseDT)

Teknologist · Answer 2 · 2013-02-12T17:01:44+0000

The most likely reason for this is that the server's certificate (or that of its issuer) has not been installed on the new machine. The administrators will need to do this.

- Hans (EnterpriseDT)

The issue appears to be related to running this on a 64 bit machine. When I run the same executable on a 32 machine it runs fine. However it fails on a 64 bit machine, Except the development machine.
We did not install any certificates for this, we never needed to on any of the machines.

Teknologist · Answer 3 · 2013-02-12T19:27:19+0000

Gleaned this from the debug log:

DEBUG [FTPControlSocket] 12 Feb 2013 13:13:03.101 : 220-FileZilla Server version 0.9.32 beta

Not sure if this makes a difference or not...
I dont' control the server but I can suggest to the Server admins that they upgrade.

Teknologist · Answer 4 · 2013-02-12T20:24:54+0000

I also confirmed the certificate is a valid GoDaddy Cert and all of our machines have the appropriate root certificates installed. They are all identical.

support2 · Answer 5 · 2013-02-13T01:48:28+0000

What happens when you use the Filezilla client on the same machine to upload the file?

Teknologist · Answer 6 · 2013-02-13T17:14:20+0000

If I use any other client it works fine.
I have SmartFTP and FileZilla and they both work perfectly with no errors.

support2 · Answer 7 · 2013-02-14T12:03:38+0000

Hmm, I don't think they use the local machine's certificates to validate the supplied certificate for the server.

It looks like you are missing (in the local machine's certificate store) the root certificate of the certificate you are being sent by the server.

Have you examined the server certificate and checked that the root is in the client's store?

Teknologist · Answer 8 · 2013-02-14T16:42:33+0000

I should have mentioned in the post about the Root certificates that I only checked the Local machine's certificates. I would never store a root cert anywhere else...

The Root for the server's certificate is installed in the local machine certificate store. It is a standard Godaddy Cert.

Teknologist · Answer 9 · 2013-02-15T17:20:04+0000

I just manually confirmed that not only are the GoDaddy root certificates installed and the Thumbprints match what GoDaddy has listed on their certificate repository. I also confirmed the server certificate is from a valid Cert authority. All the thumbprints match and the appropriate certificates are indeed installed in the local machine Trusted Root Cert Authorities...
https://certs.godaddy.com/anonymous/repository.pki

In addition the same certificate is used for the website of the company we are trying to upload to and I can view their site normally in any browser with the certificate showing as valid. Which proves the chain of certificates is correct on the machine we are trying to upload from.

So it's back to: what are the differences between a 32 and 64 bit version and or the development version?

It works on any 32 bit machine and on a 32 bit or 64 bit development machine.

Is there anything else you want me to try?

support2 · Answer 10 · 2013-02-18T11:15:45+0000

Perhaps you should email us the server certificate and we'll take a look at it. support at enterprisedt dot com

Certificate error when trying to upload a file

Please log in or register to add a comment.

Please log in or register to answer this question.

17 Answers

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Please log in or register to add a comment.

Categories