添加链接 注册    登录
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
至今单身的野马  ·  linux diff的基本用法介绍 | ...·  2 周前    · 
乖乖的芹菜  ·  Codon, un compilateur ...·  1 月前    · 
冲动的梨子  ·  「读书感悟系列」原则:应对变化中的世界秩序( ...·  3 月前    · 
绅士的熊猫  ·  中国人民武装警察部队特种警察学院_百度百科·  3 月前    · 
个性的紫菜汤  ·  汇源果汁停牌20个月面临退市 朱新礼四收限制消费令·  4 月前    · 
link管理  ›  [No-Bug] FTPS Intermediate Certificate not trusted when using Windows Cert Store :: Support Forum ::
https://winscp.net/forum/viewtopic.php?t=24904
发财的楼房
4 月前
An intermediate certificate is not trusted (and so the whole server certificate), when it's only referenced through the root CA and not stored within the "trusted intermediate CAs". When you take the root CA certificate, put it into a cacert.pem aside a winscp.exe (which normally isn't there), the complete chain is trusted. I assume, when a cacert.pem exists, WinSCP lets OpenSSL check the trust and doesn't use Windows Cert Store. This is proof enough for me that it only depends on WinSCPs certificate handling when using windows cert store and it's not a bad ftp server configuration. But anyway, all information and documentation you should need I'll give you with a lot of files:
Last edited by Prisma on 2017-05-19 08:39; edited 1 time in total
using certutil.exe I got also an error. So, relying on Windows Cert Store it's no wonder that winscp doesn't accept the cert. I documented it here: https://community.letsencrypt.org/t/ms-certutil-verify-fails-for-cert-pem-and-fullchain-pem-why/34276 I think this is nothing under our control. The only thing I wonder is, that certutil throws another error: 0x80092004 CRYPT_E_NOT_FOUND ...   Namenshash (sha1): 7ee66ae7729ab3fcf8a220646c16a12d6071085d   Namenshash (md5): c0350a4a6f6b94d938b5003a57bb4867 Antragsteller:     CN=www.mydomain.de   Namenshash (sha1): 0a45f24e027192b7863afb1e0896e88a94c74305   Namenshash (md5): 6bdef80a3a02c62b498e6a554094b1ed Zertifikatseriennummer: 034dde82f2a0e66c92ee29ebede3fa80e6c7 dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000) HCCE_LOCAL_MACHINE CERT_CHAIN_POLICY_BASE -------- CERT_CHAIN_CONTEXT -------- ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) ChainContext.dwRevocationFreshnessTime: 1 Days, 13 Hours, 20 Minutes, 36 Seconds SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) SimpleChain.dwRevocationFreshnessTime: 1 Days, 13 Hours, 20 Minutes, 36 Seconds CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0   Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US   NotBefore: 11.05.2017 02:38   NotAfter: 09.08.2017 02:38   Subject: CN=www.mydomain.de   Serial: 034dde82f2a0e66c92ee29ebede3fa80e6c7   SubjectAltName: DNS-Name=mydomain.de, DNS-Name=mydomain.eu, DNS-Name=www.mydomain.de, DNS-Name=www.mydomain.eu   Cert: c4ea64889db020e794a247293944a18b5ec3177b   Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)   Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)   ----------------  Zertifikat abrufen  ----------------   Überprüft "Zertifikat (0)" Zeit: 0     [0.0] http://cert.int-x3.letsencrypt.org/   ----------------  Zertifikat abrufen  ----------------   Keine URLs "Keine" Zeit: 0   ----------------  Basissperrliste veraltet  ----------------   Keine URLs "Keine" Zeit: 0   ----------------  Zertifikat-OCSP  ----------------   Überprüft "OCSP" Zeit: 0     [0.0] http://ocsp.int-x3.letsencrypt.org/   --------------------------------     CRL (null):     Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US     ThisUpdate: 17.05.2017 03:00     NextUpdate: 24.05.2017 03:00     CRL: 8892a5c37e9e1b18b6d7cf54acdc6d86e0809e95   Issuance[0] = 2.23.140.1.2.1   Issuance[1] = 1.3.6.1.4.1.44947.1.1.1   Application[0] = 1.3.6.1.5.5.7.3.1 Serverauthentifizierung   Application[1] = 1.3.6.1.5.5.7.3.2 Clientauthentifizierung CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0   Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.   NotBefore: 17.03.2016 18:40   NotAfter: 17.03.2021 18:40   Subject: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US   Serial: 0a0141420000015385736a0b85eca708   Cert: e6a3b45b062d509b3382282d196efe97d5956ccb   Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)   Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)   ----------------  Zertifikat abrufen  ----------------   Überprüft "Zertifikat (0)" Zeit: 0     [0.0] http://apps.identrust.com/roots/dstrootcax3.p7c   ----------------  Zertifikat abrufen  ----------------   Überprüft "Basissperrliste (aa)" Zeit: 0     [0.0] http://crl.identrust.com/DSTROOTCAX3CRL.crl   ----------------  Basissperrliste veraltet  ----------------   Keine URLs "Keine" Zeit: 0   ----------------  Zertifikat-OCSP  ----------------   Überprüft "OCSP" Zeit: 0     [0.0] http://isrg.trustid.ocsp.identrust.com   --------------------------------     CRL (null):     Issuer: [email protected], CN=DST CA X3 OCSP Signer, OU=DST, O=Digital Signature Trust, C=US     ThisUpdate: 18.05.2017 11:26     NextUpdate: 19.05.2017 11:26     CRL: eb82fdefaeabf9244e9c8fc1c052797fa08edd94   Issuance[0] = 2.23.140.1.2.1   Issuance[1] = 1.3.6.1.4.1.44947.1.1.1   Application[0] = 1.3.6.1.5.5.7.3.4 Sichere E-Mail   Application[1] = 1.3.6.1.5.5.7.3.1 Serverauthentifizierung   Application[2] = 1.3.6.1.5.5.7.3.2 Clientauthentifizierung   Application[3] = 1.3.6.1.5.5.7.3.8 Zeitstempel   Application[4] = 1.3.6.1.4.1.311.10.3.4 Verschlüsselndes Dateisystem   Application[5] = 1.3.6.1.4.1.311.10.3.12 Dokumentsignatur CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0   Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.   NotBefore: 30.09.2000 23:12   NotAfter: 30.09.2021 16:01   Subject: CN=DST Root CA X3, O=Digital Signature Trust Co.   Serial: 44afb080d6a327ba893039862ef8406b   Cert: dac9024f54d8f6df94935fb1732638ca6ad77c13   Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)   Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)   Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)   ----------------  Zertifikat abrufen  ----------------   Keine URLs "Keine" Zeit: 0   ----------------  Zertifikat abrufen  ----------------   Keine URLs "Keine" Zeit: 0   ----------------  Zertifikat-OCSP  ----------------   Keine URLs "Keine" Zeit: 0   --------------------------------   Application[0] = 1.3.6.1.5.5.7.3.4 Sichere E-Mail   Application[1] = 1.3.6.1.5.5.7.3.1 Serverauthentifizierung   Application[2] = 1.3.6.1.5.5.7.3.2 Clientauthentifizierung   Application[3] = 1.3.6.1.5.5.7.3.8 Zeitstempel   Application[4] = 1.3.6.1.4.1.311.10.3.4 Verschlüsselndes Dateisystem   Application[5] = 1.3.6.1.4.1.311.10.3.12 Dokumentsignatur Exclude leaf cert:   Chain: 8b7ab36ece90ebb699b18f9d2bfafc4c6bc4d40f Full chain:   Chain: 7e00edb48331966cc2699a2c8e01ce0e21803e4d   Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US   NotBefore: 11.05.2017 02:38   NotAfter: 09.08.2017 02:38   Subject: CN=www.mydomain.de   Serial: 034dde82f2a0e66c92ee29ebede3fa80e6c7   SubjectAltName: DNS-Name=mydomain.de, DNS-Name=mydomain.eu, DNS-Name=www.mydomain.de, DNS-Name=www.mydomain.eu   Cert: c4ea64889db020e794a247293944a18b5ec3177b Das Objekt oder die Eigenschaft wurde nicht gefunden. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND) ------------------------------------ CertUtil: -verify-Befehl ist fehlgeschlagen: 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND) CertUtil: Das Objekt oder die Eigenschaft wurde nicht gefunden.
 
推荐文章
至今单身的野马  ·  linux diff的基本用法介绍 | ExASIC的IC技术圈专栏
2 周前
乖乖的芹菜  ·  Codon, un compilateur Python avec les performances qui seraient équivalentes à celles de C/C++, et p
1 月前
冲动的梨子  ·  「读书感悟系列」原则:应对变化中的世界秩序(达利欧)-CSDN博客
3 月前
绅士的熊猫  ·  中国人民武装警察部队特种警察学院_百度百科
3 月前
个性的紫菜汤  ·  汇源果汁停牌20个月面临退市 朱新礼四收限制消费令
4 月前
Link管理   ·   51好读   ·   Sov5搜索   ·   小百科
link管理 - 链接快照平台