Alois Mahdal
2013-03-14 00:21:32 UTC
Hello,
I'm trying to automate mirroring of a group of files to my
ISP's FTP servers. My ISP is using a wild-card certificate signed
by GeoTrust.
Now I have downloaded the GeoTrust CA cert and am trying to make
lftp use it to verify the FTP server cert. However, all
verifications fail.
I'm pretty sure this is the correct CA, since I have been
successfully using it for a long time with Opera and an HTTP server
which is using the same server cert as well.
What I'm doing now:
    SSL_CA_FILE="$HOME/geotrust.pem"
    lftp -c "set ftp:list-options -a;
    set ssl:ca-file $SSL_CA_FILE
    open ftp://user:***@host;
    set ssl:verify-certificate yes
    lcd /home/me/my/local/dir;
    cd /the/right/place;
    mirror --reverse \
           --delete \
           --verbose"
And what I get is
    cd: Fatal error: Certificate verification: Not trusted
    mirror: Fatal error: Certificate verification: Not trusted
With `debug 9`:
http://pastebin.com/RXgfHt5
What is most confusing is the
    gnutls_x509_crt_list_import: The peer did not send any certificate.
But the certificate is shown in the output a few lines below! (Also,
I'm not sure if the gnome-keyring warning is relevant; I read
that it is shown due to a bug in Debian and has been showing in
many other programs, but all seems to work...)
How should I troubleshoot this? I tried other formats (p7,
X.509) as well--behavior is the same.
The version is 4.3.6, with GnuTLS 2.12.20, on Debian Wheezy.
Thank you
Alois Mahdal
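
One way to test offline whether a CA file on its own is enough to verify a server certificate, added here as an example and not part of the original post: it uses the `openssl` command-line tool rather than lftp or GnuTLS, on a constructed root, intermediate and wildcard certificate. It shows one condition under which the correct root in the CA file still gives "not trusted" (an intermediate that is neither sent by the server nor present in the file); the post does not establish that this is the cause of the error above. The function names `build_pki`, `verify_with` and `report` are made up for this example.

```shell
#!/bin/sh
# Added example. Every certificate below is constructed and throwaway.

# Create root CA -> intermediate CA -> wildcard server cert in directory $1.
build_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
        > "$d/pki.cnf" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/pki.cnf" \
        -extensions ca -subj "/CN=Constructed Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=Constructed Intermediate CA" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/pki.cnf" -extensions ca \
        -out "$d/int.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=*.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null &&
    cat "$d/root.pem" "$d/int.pem" > "$d/bundle.pem"
}

# verify_with CA_FILE SERVER_CERT [CERTS_SENT_BY_SERVER]
# Succeeds only if a chain from SERVER_CERT to a root in CA_FILE can be built.
# -no-CApath keeps the system trust directory out of the decision.
verify_with() {
    if [ -n "${3:-}" ]; then
        openssl verify -no-CApath -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

report() {  # report LABEL CA_FILE [CERTS_SENT_BY_SERVER]
    if verify_with "$2" "$demo/leaf.pem" "${3:-}"; then r="trusted"; else r="NOT trusted"; fi
    printf '%-46s %s\n' "$1" "$r"
}

demo=$(mktemp -d) && build_pki "$demo" && {
    report "root only, server sends leaf only:" "$demo/root.pem"
    report "root only, server also sends intermediate:" "$demo/root.pem" "$demo/int.pem"
    report "root + intermediate in the CA file:" "$demo/bundle.pem"
}
rm -rf "$demo"
```

For a live server, the certificates it actually sends can be saved from `openssl s_client -starttls ftp -showcerts` output and passed to `verify_with` in place of the constructed files.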