Intro
I have seen too much advice on the Internet for resolving problems when one encounters erroers of this sort when using the lftp client on linux:
mput: myfile.log: Fatal error: Certificate verification: unable to get local issuer certificate (3E:...)
or this one:
mput: myfile.log: Fatal error: Certificate verification: unable to get issuer certificate (4A:...)
You research that and get a lot of htis that recommend to
“set ssl:verify-certificate false inside the lftp command”
But, you know, security-wise, that isn’t such a hot approach. And you can do better with just a bit more effort.
The details
Examine what certificate the ftp server is using with this openssl command:
$ openssl s_client -showcerts -connect example.com:21 -starttls ftp
The privatre pki scenario
I’m imagining a scenario where yuo are in a world where a private pki reigns. In that case you want to just make sure lftp knows where to find the private root CA and possibly the intermediate CA.
To be continued…
One reply on “Setting up lftp to do ftp over ssl”
When will this continue, because I would like to know. As I am in a world where private PKI reigns and internetconnectivity is unavailable (you guessed it) … against what does lftp verify the certificate ?