Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#12347 closed Bug report (invalid)

Update failures - is using a local CA, so no path to verification

Reported by: m27GUmtEKeVEla Owned by:
Priority: normal Component: Unknown
Keywords: self-signed certificate Cc: m27GUmtEKeVEla
Component version: 3.51.0 Operating system type:
Operating system version: Windows 10.0.18362.1256


When checking for updates in the client, I saw the update failing to connect. I grabbed the connection string from the "Show details" link and pasted it into a browser (Chrome for example). The link for me was

This should generate a standard warning that pops up whenever certificates can't be validated. Looking at the certificate, the cert specified for seems good; however, it was issued by a private ca for with a private IP address of This needs to be issued as a resolvable host (also: use FQDN, not IP).

New cert looks to have been applied around Dec 14.

Attachments (1)

FileZilla cert bug.png (19.6 KB ) - added by m27GUmtEKeVEla 3 years ago.
Screenshot of certificate details

Download all attachments as: .zip

Change History (4)

comment:1 by m27GUmtEKeVEla, 3 years ago

Summary: us using a local CA, so no path to verificationUpdate failures - is using a local CA, so no path to verification

by m27GUmtEKeVEla, 3 years ago

Attachment: FileZilla cert bug.png added

Screenshot of certificate details

comment:2 by m27GUmtEKeVEla, 3 years ago

Resolution: invalid
Status: newclosed

BlueCoat proxies replacing certificate in this case. No action needed.

comment:3 by Tim Kosse, 3 years ago

For security reasons, communication with the update server is authenticated by a custom CA trusted by FileZilla. It deliberately does not use the system trust store. Updates thus will fails if a malicious firewall tampers with TLS connections.

Note: See TracTickets for help on using tickets.