Question : How do I acquire the self-signed CA certificate used by a FTPS server

I have to upload files to a FTPS server (explicit encryption). Their certificate is self signed.

How can I get their CA public key to import so I can automatically trust all certificates they issue? I ran gnutls-cli, output is below.

Code Snippet:

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41:

$ gnutls-cli -V --x509cafile /etc/ssl/certs/ca-certificates.crt ftp.wwf.nl Processed 102 CA certificate(s). Resolving 'ftp.wwf.nl'... Connecting to '212.61.105.172:443'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: # The hostname in the certificate does NOT match 'ftp.wwf.nl'. # valid since: Mon Jul 30 11:26:00 CEST 2007 # expires at: Mon Jul 30 11:26:00 CEST 2012 # serial number: 02:1C:11:F7:9E:98:7D:F7:D4:B1:8F:9C:2C:B0:4F:E0:05:D3:15:43:57:8B:5D:31:06:5A:CA:11:60:34:02:02:04:9F # fingerprint: 84:A7:D3:3E:2C:4B:85:33:13:F8:05:38:C9:BC:B1:86 # version: #3 # public key algorithm: RSA (2048 bits) # e [24 bits]: 01:00:01 # m [2048 bits]: F9:08:6F:6A:AE:05:FA:38:25:B8:DA:1E:3A:F5:F9:BF:53:E1:CD:81:61:33:FF:64:C4:EC:5F:89:86:3C:56:D2:3E:7D:F2:31:60:03:9B:4C:54:D3:2D:AC:D3:28:E7:EB:1E:8C:B3:99:38:04:9B:9D:B2:AF:3D:7F:9E:45:B7:95:91:73:0E:7E:A9:28:1F:2A:83:E9:D4:11:2B:FB:D4:A5:50:57:79:F4:87:E0:0A:DF:5B:78:34:BA:FE:1E:11:50:E7:C2:49:7D:9E:5D:CE:E9:76:42:1C:C6:18:4C:CE:52:37:34:49:28:7B:A9:F9:89:EC:BA:49:42:D9:1A:3E:A0:00:F8:53:F5:37:8B:EE:CE:92:C0:45:B9:C3:77:A0:A8:47:EF:0E:E6:8E:CB:85:5F:DD:70:19:A8:7C:BA:BC:E3:DF:7C:4A:D7:6E:CA:8A:69:49:57:27:AD:D3:EE:37:24:8B:67:BE:09:44:C7:F9:34:19:46:99:1C:F5:B2:74:BB:CB:9D:E2:01:3A:5E:8C:96:DB:A9:42:E9:AE:64:4E:3D:04:18:48:73:0F:C3:9B:DB:6B:0D:01:1F:49:83:FF:21:30:F7:E6:22:BA:E9:F3:20:E3:4C:6E:B3:EB:64:BB:FB:9C:0D:93:58:CC:D0:DD:7B:C7:C8:F3:F0:02:0D:10:93 # Subject's DN: C=NL,ST=Utrecht,L=Zeist,O=WWF-NL,OU=IT,CN=lynx.wwf.nl,[email protected] # Issuer's DN: O=NL,OU=Organizational CA - Certificate[1] info: # valid since: Thu Sep 27 16:29:39 CEST 2007 # expires at: Wed Sep 25 16:29:39 CEST 2013 # serial number: 00:CE:0E:59:8F:C5:70:38:AF # fingerprint: C0:30:90:E0:93:A4:0A:5B:3C:C0:D6:DC:97:EE:25:D1 # version: #1 # public key algorithm: RSA (2048 bits) # e [24 bits]: 01:00:01 # m [2048 bits]: D2:50:D1:45:27:DC:31:41:39:FC:91:CD:06:EB:28:32:FF:4B:E9:C1:2C:E0:1C:AF:E1:A8:BB:B9:9D:E3:FF:7E:9D:01:68:82:59:97:18:93:C7:E3:A8:2C:A3:61:80:B2:38:D8:2F:7F:F3:B3:EA:85:2B:7C:31:B1:62:70:3D:C4:0B:92:09:AC:EA:D4:01:62:7E:E7:8A:C6:A4:7D:8C:94:D0:2B:25:D5:78:F9:19:46:9E:40:BB:DD:9C:99:3C:8F:0C:33:D7:72:05:B2:23:60:0F:66:40:57:15:79:4E:84:07:EC:6F:10:7A:AB:6C:76:75:BC:EC:94:4B:B5:DB:6F:F8:1B:0C:D6:2F:47:09:25:0C:00:DB:E1:BB:B8:C6:77:1F:60:FA:18:F5:F9:0A:A0:66:D0:37:B9:B3:54:A7:2D:BF:24:C2:4C:F9:6B:68:B7:EB:5B:57:A5:28:C5:19:55:EA:42:B9:E4:8E:A1:D7:73:20:B5:AD:F9:DE:FC:FB:0D:28:BF:6A:91:F6:5E:4F:C4:4D:C5:0D:70:D2:C4:5A:A3:0F:8C:5D:17:07:DD:12:AD:AD:DB:D5:D5:9A:07:2B:AE:1B:8B:9F:4C:93:59:99:3C:B7:2D:54:37:64:52:84:93:CB:8F:F3:C7:10:CE:A6:88:22:EC:AD:A2:D1:63:37:A9 # Subject's DN: C=XY,ST=unknown,L=unknown,O=SuSE Linux Web Server,OU=CA,CN=*.wwf.nl,[email protected] # Issuer's DN: C=XY,ST=unknown,L=unknown,O=SuSE Linux Web Server,OU=CA,CN=*.wwf.nl,[email protected] - Peer's certificate issuer is unknown - Peer's certificate is NOT trusted - Version: TLS 1.0 - Key Exchange: DHE RSA - Cipher: AES 256 CBC - MAC: SHA - Compression: NULL *** Verifying server certificate failed...

Open in New Window

Select All

Answer : How do I acquire the self-signed CA certificate used by a FTPS server

Well, they don't. I ended up calling them to ask for it and they mailed it to me.