We are evaluating your product to do an FTP/SSL connection as the last tool we used never worked. Your component seems to offer a lot more potential esp with the verbose debugging.
I am loading a client side cert with the command:
Cert cert = cert.LoadByCommonName("OurCertCommentName");
The log says the cert is found but we see the following message:
Found cert in CurrentUser/ROOT createFromMsCert: msCertGetPrivateKey: No key provider info is available. Failed to get key provider info. --msCertGetPrivateKey --createFromMsCert --msFindByCommonName Success. --LoadByCommonName
Is this an error I need to be concerned about or only a warning that I can ignore?
Later the Ftp.Connect() says it succeeds although I see the same message in the FTP connection log.
Then I do an Ftp.PutFile() where I again see the same message in its log and then my "put" times out after 60 seconds with the following (abbreviated) errors:
Found cert in CurrentUser/ROOT createFromMsCert: msCertGetPrivateKey: No key provider info is available. Failed to get key provider info. --msCertGetPrivateKey --createFromMsCert --cacheClientCerts clientHandshake2: Timeout waiting to read socket or accept connection timeoutMs: 60000 Timed out waiting for incoming SSL/TLS messages. timeoutMs: 60000 Expected ServerHello but did not receive it. --clientHandshake2 --clientHandshake Client handshake failed. (1) connectionClosed: 0 --convertToTls --ConvertDataConnToTls ConvertToTls: Elapsed time: 60029 millisec Failed to convert data connection to TLS --convertDataConnToSsl --uploadFromDataSource --uploadFromLocalFile TotalTime: Elapsed time: 60685 millisec Failed.
It means the certificate was never installed with the associated private key. A certificate with private key will typically be installed from a .pfx / .p12 (PKCS12) file. (The .pfx and .p12 extensions are just different names for the exact same file format.) A .cer file contains only the certificate + public key (which is embedded within the X.509 certificate data), but it does not contain the private key.
You'll need to either re-import the certificate from a .pfx/.p12, or you may use the .pfx/.p12 directly from Chilkat without needing to involve the Microsoft registry-based certificate stores at all..
Finally, you only need an SSL/TLS certificate if the FTP server is requiring a client-side certificate for authentication purposes. This is usually only found in high-security applications, such as banking. Typically, FTP over SSL does not require a client-side certificate.
Thank you for your quick response. This is in fact for a high-profile banking institution so they do require a Client Side cert.
I tried two approaches to address the problem but neither have worked.
I then loaded our private key file using the PrivateKey LoadEncryptedPemFile() (using our password)
I then applied the private key to the cert using the Cert SetPrivateKey() method
And finally, I applied the cert to the FTP object using the SetSslClientCert() method.
At each step I logged and examined the LastErrorText and each step says it succeeded.
I used the Cert LoadByCommonName() method to load the cert
I applied the cert to the FTP object using the SetSslClientCert() method.
Again, at each step I logged and examined the LastErrorText and each step says it succeeded.
With either of the two approaches for loading the certificate, we are still seeing the error:
Found cert in CurrentUser/ROOT createFromMsCert: msCertGetPrivateKey: No key provider info is available. Failed to get key provider info. --msCertGetPrivateKey --createFromMsCert --cacheClientCerts
The other key points to note about this scenario:
Do you have any other suggestions?
If we were to purchase your software do you have any soft of technical support that might be able to help us solve this issue?