Problem with SSL Certificate

Welcome to BestSync Support Forum!
If you have any questions, comments, concerns, suggestion, please summit here, we'll try to reply you in short time.
Thank you!
Post Reply
shinomen
Posts: 6
Joined: Mon Jun 21, 2010 3:14 pm

Problem with SSL Certificate

Post by shinomen »

I love your program but I have one problem. I can't get it to accept my SSL certificate when doing FTP S.

I get the following error messgae now Success=0, Failed=0, Error=FTP Error:The target principal name is incorrect.

I tried on another computer just now, freshly installed with backup sync and I get the eror message: The certificate's CN name does not match the passed value.

When I read on the internet on what this means, it pretty straight forward: "The SSL certificate name does not match the name provided"
I used another FTP program to test and it show me the certificate name is what it's supposed to be and it allows me to connect.

I'm using an SSL that I just purchased from GoDaddy.com.

What can I do to fix this?
RiseFly
Site Admin
Posts: 1077
Joined: Tue Nov 03, 2009 2:51 pm

Re: Problem with SSL Certificate

Post by RiseFly »

Have you followed the following URL to install the certification?
http://www.risefly.com/help/wzftps.htm
For using SSL, after setup the task, you must start the preview of the task ONCE. Then you will have a chance to install the SSL certificate that is received from the FTP server.
shinomen
Posts: 6
Joined: Mon Jun 21, 2010 3:14 pm

Re: Problem with SSL Certificate

Post by shinomen »

I did install the certificate as well as the GoDaddy root certificate on one system I was having troubles with. I have not installed it on this system that I'm having problems with yet. I wanted to start off fresh just in case I messed something up on the 1st computer.

The strange thing is that when I go to connect for the first time I don't get the SSL certificate popping up like in the tutorial. I get the error message "The SSL certificate does not match the name provided"

Any other suggestions?
RiseFly
Site Admin
Posts: 1077
Joined: Tue Nov 03, 2009 2:51 pm

Re: Problem with SSL Certificate

Post by RiseFly »

"The SSL certificate does not match the name provided" means that the server name in the certificate does not match the host name of the FTP server. May be you need to modify the hostname of your FTP server to match the SSL certificate, or you need to apply a new certificate that has the host name of the FTP server.
To view the detailed information of the certificate, you can run "mmc certmgr.msc" in the command line to start the certificate manager. Or you can try to delete the certificate in the manager, and let Bestsync to install the certificate again.
shinomen
Posts: 6
Joined: Mon Jun 21, 2010 3:14 pm

Re: Problem with SSL Certificate

Post by shinomen »

That's what I thought the problem was and that's why I tried another FTP program that displays my certificate. I am connectining to servername.domain.com and the certificate reads servername.domain.com.

My thought was that the program may be adding or changing the information of of the servername.domain.com when it's trying to verify. Is there a way to make the program ignore the certificate and continue?
shinomen
Posts: 6
Joined: Mon Jun 21, 2010 3:14 pm

Re: Problem with SSL Certificate

Post by shinomen »

Another couple of things to mention. I have the FTP server running on port 2121. I have selected FTPES in the BestSync 2010 program. When I try with FTPS, I get a message right away that says failed to connect to FTP server. I'm using IIS 7 for my FTP-SSL server and I have been able to connect with another program called coreftp.

Thanks.
RiseFly
Site Admin
Posts: 1077
Joined: Tue Nov 03, 2009 2:51 pm

Re: Problem with SSL Certificate

Post by RiseFly »

Please give us somedays to investigate this issue.
shinomen
Posts: 6
Joined: Mon Jun 21, 2010 3:14 pm

Re: Problem with SSL Certificate

Post by shinomen »

Okay, thank you.
RiseFly
Site Admin
Posts: 1077
Joined: Tue Nov 03, 2009 2:51 pm

Re: Problem with SSL Certificate

Post by RiseFly »

Please download the new version 5.4.02 from our website.
The new version can use the following registry value to force to validate the SSL certificate.
HKEY_LOCAL_MACHINE\SOFTWARE\RiseFly\BestSync 2010
ForceSSLValid=(DWORD) 1

For the FTPS problem, is it possiable that the port 2121 is blocked by the firewall? Or you can run the task by the Preview window of the new version, to see if there is the detailed FTP log data to describle the cause.
shinomen
Posts: 6
Joined: Mon Jun 21, 2010 3:14 pm

Re: Problem with SSL Certificate

Post by shinomen »

Downloaded and installed new version. Without the registry setting it would not connect-same error as before. After creating the registry key I was able to connect and transfer files.

I still can't connect with just FTPS. I'm still not clear on the differences between FTPES and FTPS but my ftp site runs on port 2121, so I imagine if the firewall was blocking port 2121 neither FTPS or FTPES would work.

I wish I could understand why the program does not like my SSL certificate but at least I have the workaround now.

Thanks for all your help.
Post Reply