Hello.
Is there a profile configuration option that forces the SSL/TLS connection when updating the certificate?
I know there is the /ACCEPTSERVER command line, but I wanted acceptance to be automatic (configured in the profile).
Force SSL/TLS connection for new certificate.
-
tiagocoelho2
- Posts: 43
- Joined: Sun Jul 19, 2020 10:25 am
Force SSL/TLS connection for new certificate.
- Attachments
-
- SSLTLS.png (28.86 KiB) Viewed 12954 times
Re: Force SSL/TLS connection for new certificate.
Hello,
since the error is "Hostname mismatch", please try to specify the correct hostname (subdomain.domain) from the "Subject" of the certificate in the FTP URL.
If this is not possible, you can force allowing all SSL Certificates by adding this line to the [Main] section in Syncovery.ini:
AcceptAllSSLCertificates=1
Or you can add a PascalScript like the following to the profile, which can accept the certificate with some basic checks:
since the error is "Hostname mismatch", please try to specify the correct hostname (subdomain.domain) from the "Subject" of the certificate in the FTP URL.
If this is not possible, you can force allowing all SSL Certificates by adding this line to the [Main] section in Syncovery.ini:
AcceptAllSSLCertificates=1
Or you can add a PascalScript like the following to the profile, which can accept the certificate with some basic checks:
Code: Select all
function OnVerifyTLSCertificate(const ServerURL,Subject,IssuedTo,IssuedBy,
ValidFrom,ValidTo,SerialNumber,SHA1,StatusText:UnicodeString;
var CertificateOK:Boolean):Boolean;
begin
Result:=true;
CertificateOK:=(Pos('Let''s Encrypt',IssuedBy)>0) and
(StatusText='hostname mismatch');
end;-
tiagocoelho2
- Posts: 43
- Joined: Sun Jul 19, 2020 10:25 am
Re: Force SSL/TLS connection for new certificate.
Thanks.
Solved with PascalScript.
Solved with PascalScript.
Re: Force SSL/TLS connection for new certificate.
Hello!
Sorry for bringing up this old thread, but i have a similar problem with certificates.
Everytime the server issues a new certificate i need to manually run the profile and accept the certificate.
So i tried the "AcceptAllSSLCertificates=1" option as stated by tobias and restarted the Service but still same problem.
Im running a rather old version (8.42), does this version even recognize "AcceptAllSSLCertificates" ?
Sorry for bringing up this old thread, but i have a similar problem with certificates.
Everytime the server issues a new certificate i need to manually run the profile and accept the certificate.
So i tried the "AcceptAllSSLCertificates=1" option as stated by tobias and restarted the Service but still same problem.
Im running a rather old version (8.42), does this version even recognize "AcceptAllSSLCertificates" ?
Re: Force SSL/TLS connection for new certificate.
Hello,
version 8.40 doesn't recognize it, but the last free update version 8.70 does know the AcceptAllSSLCertificates option in Syncovery.ini. You can just install it over the existing version. The download is still available in our additional downloads page.
Newer Syncovery versions are able to recognize most valid TLS certificates automatically. In that case you don't need the switch in Syncovery.ini. It's possible that version 8.70 fixes your problem even without the switch.
You may also be interested in ordering an upgrade to Syncovery 11, which is much improved! Read more about it here:
www.syncovery.com/syncovery11/
The upgrade site is:
www.syncovery.com/upgrade/
Here's an article with our latest developments, including the Syncovery 11 announcement:
www.syncovery.com/documentation/news/la ... elopments/
And here's some news about the previous Syncovery versions 8, 9 and 10:
www.syncovery.com/syncovery10/
www.syncovery.com/syncovery9/
version 8.40 doesn't recognize it, but the last free update version 8.70 does know the AcceptAllSSLCertificates option in Syncovery.ini. You can just install it over the existing version. The download is still available in our additional downloads page.
Newer Syncovery versions are able to recognize most valid TLS certificates automatically. In that case you don't need the switch in Syncovery.ini. It's possible that version 8.70 fixes your problem even without the switch.
You may also be interested in ordering an upgrade to Syncovery 11, which is much improved! Read more about it here:
www.syncovery.com/syncovery11/
The upgrade site is:
www.syncovery.com/upgrade/
Here's an article with our latest developments, including the Syncovery 11 announcement:
www.syncovery.com/documentation/news/la ... elopments/
And here's some news about the previous Syncovery versions 8, 9 and 10:
www.syncovery.com/syncovery10/
www.syncovery.com/syncovery9/
Re: Force SSL/TLS connection for new certificate.
Hello,
thanks for the fast answer!
I installed the 8.70 Update and will be waiting for next certificate swap in two month.
thanks for the fast answer!
I installed the 8.70 Update and will be waiting for next certificate swap in two month.