Fatal error 'UnknownCa' has been reported by the remote connection end.

0 votes
asked Feb 25, 2016 by AhmetA (190 points)

Hi, I try to connect remote FTPS connection with implicit SSL . using FTP over SSL library but I get a problem right now.
It seems that error comes from remote server and server do not accept my client certificate. Actually I connected remote and transferred files with CuteFTP program but I can not succeeded with c# code.

Log:

2016-02-25 14:35:11.908 Opening log file.
2016-02-25 14:35:11.908 Using FileLogWriter version 2.0.5885.0.
2016-02-25 14:35:14.325 INFO Ftp(1)[8] Info: Connecting to 62.XXX.XXX.98:990 using Ftp 4.0.5885.0 (trial version).
2016-02-25 14:35:14.337 INFO Ftp(1)[8] Info: Using proxy none.
2016-02-25 14:35:14.367 DEBUG Ftp(1)[8] Info: Connection succeeded.
2016-02-25 14:35:14.372 DEBUG Ftp(1)[8] Info: Upgrading control connection to TLS/SSL.
2016-02-25 14:35:14.397 INFO Ftp(1)[8] TLS: State StateChange:Negotiating
2016-02-25 14:35:14.397 DEBUG Ftp(1)[8] TLS: HandshakeMessage:ClientHello was sent.
2016-02-25 14:35:14.418 DEBUG Ftp(1)[8] TLS: HandshakeMessage:ServerHello was received.
2016-02-25 14:35:14.419 INFO Ftp(1)[8] TLS: Client requested TLS 1.2, server is asking for TLS 1.0.
2016-02-25 14:35:14.421 DEBUG Ftp(1)[8] TLS: HandshakeMessage:Certificate was received.
2016-02-25 14:35:14.422 DEBUG Ftp(1)[8] TLS: HandshakeMessage:CertificateRequest was received.
2016-02-25 14:35:14.422 DEBUG Ftp(1)[8] TLS: HandshakeMessage:ServerHelloDone was received.
2016-02-25 14:35:14.424 DEBUG Ftp(1)[8] TLS: Verifying server certificate ('E=destek@xxx.com.tr, S=TR, O=BKM, OU=FTP, L=Istanbul, CN=sftp.xxx.com.tr, C=TR').
2016-02-25 14:35:14.426 DEBUG Ftp(1)[8] TLS: Certificate verification result: Accept
2016-02-25 14:35:14.430 DEBUG Ftp(1)[8] TLS: Client certificate authentication was requested.
2016-02-25 14:35:14.431 DEBUG Ftp(1)[8] TLS: Suitable client certificate is available ('CN=http://www.xxxx.com/tr/xxxx/, OU=xxx  Services Analysis&Software, O=xxx xxxx xxxx xxxx, L=Eyup, S=Istanbul, C=TR').
2016-02-25 14:35:14.432 DEBUG Ftp(1)[8] TLS: HandshakeMessage:Certificate was sent.
2016-02-25 14:35:14.433 DEBUG Ftp(1)[8] TLS: HandshakeMessage:ClientKeyExchange was sent.
2016-02-25 14:35:14.447 INFO Ftp(1)[8] TLS: Performing client certificate authentication.
2016-02-25 14:35:14.469 DEBUG Ftp(1)[8] TLS: HandshakeMessage:CertificateVerify was sent.
2016-02-25 14:35:14.470 DEBUG Ftp(1)[8] TLS: CipherSpec:ChangeCipherSpec was sent.
2016-02-25 14:35:14.470 DEBUG Ftp(1)[8] TLS: HandshakeMessage:Finished was sent.
2016-02-25 14:35:14.473 INFO Ftp(1)[8] TLS: Alert Alert:Alert was received.
2016-02-25 14:35:14.514 DEBUG Ftp(1)[8] TLS: Error while processing TLS packet: Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end.
   at Rebex.Net.WAI.XR(Byte[] U, Int32 W, Int32 R)
   at Rebex.Net.UAI.PP(Byte[] U, Int32 W, Int32 R)
   at Rebex.Net.UAI.OP()
2016-02-25 14:35:14.516 INFO Ftp(1)[8] TLS: Alert Alert:Alert was sent.
2016-02-25 14:35:14.516 INFO Ftp(1)[8] TLS: State StateChange:Closed
2016-02-25 14:35:14.578 DEBUG Ftp(1)[8] TLS: Closing TLS socket.
2016-02-25 14:35:14.649 ERROR Ftp(1)[8] Info: Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end. ---> Rebex.Net.TlsException: Fatal error 'UnknownCa' has been reported by the remote connection end.
   at Rebex.Net.WAI.XR(Byte[] U, Int32 W, Int32 R)
   at Rebex.Net.UAI.PP(Byte[] U, Int32 W, Int32 R)
   at Rebex.Net.UAI.OP()
   --- End of inner exception stack trace ---
   at Rebex.Net.UAI.OP()
   at Rebex.Net.UAI.JP()
   at Rebex.Net.TlsSocket.Negotiate()
   at Rebex.Net.QCI.EW(TlsParameters U)
   at Rebex.Net.Ftp.AX(String U, Int32 W, TlsParameters R, SslMode I, FtpSecureUpgradeType Q)
   --- End of inner exception stack trace ---
   at Rebex.Net.Ftp.AX(String U, Int32 W, TlsParameters R, SslMode I, FtpSecureUpgradeType Q)
   --- End of inner exception stack trace ---
   at Rebex.Net.Ftp.AX(String U, Int32 W, TlsParameters R, SslMode I, FtpSecureUpgradeType Q)

My Code :

Ftp ftp = new Ftp();
string certPath = @"C:\Users\xxx\Desktop\CertRebex.pfx";

CertificateChain certificateChain = CertificateChain.LoadPfx(certPath, "abcd.1234");

ftp.Settings.SslClientCertificateRequestHandler = CertificateRequestHandler.CreateRequestHandler(certificateChain);

ftp.Settings.SslAcceptAllCertificates = true;

string ftpUri = @"ftp://62.XXX.XXX.98:990/0900";

ftp.LogWriter = new Rebex.FileLogWriter(@"C:\Users\xxx\Desktop\Rebexlog.txt", Rebex.LogLevel.Debug);

// Connect securely using explicit SSL.
ftp.Connect(ftpUri, 990, SslMode.Implicit);

ftp.Login(UserName, Password);
Applies to: Rebex FTP/SSL

1 Answer

0 votes
answered Feb 25, 2016 by AhmetA (190 points)
selected Feb 25, 2016 by Tomas Knopp
 
Best answer

I solved the problem. I must be sure that my certificate comes from right CA.

commented Feb 25, 2016 by Tomas Knopp (58,890 points)
Yes, this is what the "Unknown CA" server error means. Unknown certificate authority. Thanks for posting back.
...