![]() This needs to be done on the server side, Yobviously.you can generate the certificate with PowerShell instead until the issue is fixed by Microsoft. How to generate a valid certificate with IIS On the client side, you can either disable TLS, downgrade to an earlier version of FileZilla (neither of these is recommended due to potential security risks), or use a different client which uses another library such as OpenSSL for now. OpenSSL is much more relaxed about this and won’t fail because of it, so it may work with other apps. ![]() This is a problem with the certificate generation of Microsoft IIS (but may also happen if you incorrectly generated a certificate with another method), as it does not allow the certificates to be used for digital signatures. For example a certificate with a key usage restriction to signing cannot be used to authenticate TLS connections. In any case, the problem is with your server’s X.509 certificate chain: Either the server certificate itself or another certificate in the chain has a key usage restriction that is violated. Quoting Tim Kosse’s post in the FileZilla forum thread: This is a server-side issue, and it did not appear previously because earlier versions of FileZilla shipped with a GnuTLS version that didn’t make this check. This is a problem with the certificate generation of Microsoft IIS, as it does not allow the certificates to be used for digital signatures. The problem is with self signed certificate on server side. ![]() Encryption: Require explicit FTP over TLS. ![]() Your configuration settings are something like this : When you connect to ftp server create with Microsoft IIS using Filezilla Client you should have this error GnuTLS error -48: Key usage violation in certificate has been detected. ![]()
0 Comments
Leave a Reply. |