Page 1 of 1

Problem with SSL Certificate

Posted: Mon Jun 21, 2010 3:38 pm
by shinomen
I love your program but I have one problem. I can't get it to accept my SSL certificate when doing FTP S.

I get the following error messgae now Success=0, Failed=0, Error=FTP Error:The target principal name is incorrect.

I tried on another computer just now, freshly installed with backup sync and I get the eror message: The certificate's CN name does not match the passed value.

When I read on the internet on what this means, it pretty straight forward: "The SSL certificate name does not match the name provided"
I used another FTP program to test and it show me the certificate name is what it's supposed to be and it allows me to connect.

I'm using an SSL that I just purchased from GoDaddy.com.

What can I do to fix this?

Re: Problem with SSL Certificate

Posted: Mon Jun 21, 2010 10:12 pm
by RiseFly
Have you followed the following URL to install the certification?
http://www.risefly.com/help/wzftps.htm
For using SSL, after setup the task, you must start the preview of the task ONCE. Then you will have a chance to install the SSL certificate that is received from the FTP server.

Re: Problem with SSL Certificate

Posted: Mon Jun 21, 2010 10:47 pm
by shinomen
I did install the certificate as well as the GoDaddy root certificate on one system I was having troubles with. I have not installed it on this system that I'm having problems with yet. I wanted to start off fresh just in case I messed something up on the 1st computer.

The strange thing is that when I go to connect for the first time I don't get the SSL certificate popping up like in the tutorial. I get the error message "The SSL certificate does not match the name provided"

Any other suggestions?

Re: Problem with SSL Certificate

Posted: Tue Jun 22, 2010 4:11 am
by RiseFly
"The SSL certificate does not match the name provided" means that the server name in the certificate does not match the host name of the FTP server. May be you need to modify the hostname of your FTP server to match the SSL certificate, or you need to apply a new certificate that has the host name of the FTP server.
To view the detailed information of the certificate, you can run "mmc certmgr.msc" in the command line to start the certificate manager. Or you can try to delete the certificate in the manager, and let Bestsync to install the certificate again.

Re: Problem with SSL Certificate

Posted: Tue Jun 22, 2010 5:18 pm
by shinomen
That's what I thought the problem was and that's why I tried another FTP program that displays my certificate. I am connectining to servername.domain.com and the certificate reads servername.domain.com.

My thought was that the program may be adding or changing the information of of the servername.domain.com when it's trying to verify. Is there a way to make the program ignore the certificate and continue?

Re: Problem with SSL Certificate

Posted: Tue Jun 22, 2010 5:32 pm
by shinomen
Another couple of things to mention. I have the FTP server running on port 2121. I have selected FTPES in the BestSync 2010 program. When I try with FTPS, I get a message right away that says failed to connect to FTP server. I'm using IIS 7 for my FTP-SSL server and I have been able to connect with another program called coreftp.

Thanks.

Re: Problem with SSL Certificate

Posted: Wed Jun 23, 2010 3:14 pm
by RiseFly
Please give us somedays to investigate this issue.

Re: Problem with SSL Certificate

Posted: Wed Jun 23, 2010 6:19 pm
by shinomen
Okay, thank you.

Re: Problem with SSL Certificate

Posted: Fri Jun 25, 2010 11:38 pm
by RiseFly
Please download the new version 5.4.02 from our website.
The new version can use the following registry value to force to validate the SSL certificate.
HKEY_LOCAL_MACHINE\SOFTWARE\RiseFly\BestSync 2010
ForceSSLValid=(DWORD) 1

For the FTPS problem, is it possiable that the port 2121 is blocked by the firewall? Or you can run the task by the Preview window of the new version, to see if there is the detailed FTP log data to describle the cause.

Re: Problem with SSL Certificate

Posted: Sat Jun 26, 2010 11:30 am
by shinomen
Downloaded and installed new version. Without the registry setting it would not connect-same error as before. After creating the registry key I was able to connect and transfer files.

I still can't connect with just FTPS. I'm still not clear on the differences between FTPES and FTPS but my ftp site runs on port 2121, so I imagine if the firewall was blocking port 2121 neither FTPS or FTPES would work.

I wish I could understand why the program does not like my SSL certificate but at least I have the workaround now.

Thanks for all your help.