Archived Forum Post
Index of archived forum posts
Question:
Archived Forum PostQuestion:
We are evaluating your product to do an FTP/SSL connection as the last tool we used never worked. Your component seems to offer a lot more potential esp with the verbose debugging.
I am loading a client side cert with the command:
Cert cert = cert.LoadByCommonName("OurCertCommentName");
The log says the cert is found but we see the following message:
Found cert in CurrentUser/ROOT createFromMsCert: msCertGetPrivateKey: No key provider info is available. Failed to get key provider info. --msCertGetPrivateKey --createFromMsCert --msFindByCommonName Success. --LoadByCommonName
Is this an error I need to be concerned about or only a warning that I can ignore?
Later the Ftp.Connect() says it succeeds although I see the same message in the FTP connection log.
Then I do an Ftp.PutFile() where I again see the same message in its log and then my "put" times out after 60 seconds with the following (abbreviated) errors:
Found cert in CurrentUser/ROOT createFromMsCert: msCertGetPrivateKey: No key provider info is available. Failed to get key provider info. --msCertGetPrivateKey --createFromMsCert --cacheClientCerts clientHandshake2: Timeout waiting to read socket or accept connection timeoutMs: 60000 Timed out waiting for incoming SSL/TLS messages. timeoutMs: 60000 Expected ServerHello but did not receive it. --clientHandshake2 --clientHandshake Client handshake failed. (1) connectionClosed: 0 --convertToTls --ConvertDataConnToTls ConvertToTls: Elapsed time: 60029 millisec Failed to convert data connection to TLS --convertDataConnToSsl --uploadFromDataSource --uploadFromLocalFile TotalTime: Elapsed time: 60685 millisec Failed.
It means the certificate was never installed with the associated private key. A certificate with private key will typically be installed from a .pfx / .p12 (PKCS12) file. (The .pfx and .p12 extensions are just different names for the exact same file format.) A .cer file contains only the certificate + public key (which is embedded within the X.509 certificate data), but it does not contain the private key.
You'll need to either re-import the certificate from a .pfx/.p12, or you may use the .pfx/.p12 directly from Chilkat without needing to involve the Microsoft registry-based certificate stores at all..
Finally, you only need an SSL/TLS certificate if the FTP server is requiring a client-side certificate for authentication purposes. This is usually only found in high-security applications, such as banking. Typically, FTP over SSL does not require a client-side certificate.
Thank you for your quick response. This is in fact for a high-profile banking institution so they do require a Client Side cert.
I tried two approaches to address the problem but neither have worked.
I then loaded our private key file using the PrivateKey LoadEncryptedPemFile() (using our password)
I then applied the private key to the cert using the Cert SetPrivateKey() method
And finally, I applied the cert to the FTP object using the SetSslClientCert() method.
At each step I logged and examined the LastErrorText and each step says it succeeded.
I used the Cert LoadByCommonName() method to load the cert
I applied the cert to the FTP object using the SetSslClientCert() method.
Again, at each step I logged and examined the LastErrorText and each step says it succeeded.
With either of the two approaches for loading the certificate, we are still seeing the error:
Found cert in CurrentUser/ROOT
createFromMsCert:
msCertGetPrivateKey:
No key provider info is available.
Failed to get key provider info.
--msCertGetPrivateKey
--createFromMsCert
--cacheClientCerts
The other key points to note about this scenario:
Do you have any other suggestions?
If we were to purchase your software do you have any soft of technical support that might be able to help us solve this issue?
Thanks again
Courtney