Knowledge Base

Enter search queries below or use the tag links to the right to browse the knowledge base by category (Show All Tags).


Host certificate / key fingerprint error

Note: This article was written for Robo-FTP 3.9.9. The process may vary somewhat for older or newer versions.

Every time you connect to a secure server, the server sends the fingerprint for the server's SSH host key (if it is an SFTP server) or the host certificate (if it is an FTPS server).

You must accept this certificate / fingerprint before the connection can continue.

Robo-FTP offers the ability to store this information. Then, on subsequent connection attempts, it compares what the server sends down on the current attempt and accepts it automatically as long as it matches what it received previously.

This is a security feature that helps prevent what are commonly known as "man in the middle" attacks.

If you have not yet accepted and stored the certificate / key fingerprint, the error message you see in the log might look like this:

Logon in progress...
Certificate error - may need to use /trust option.
Connection to FTP site failed. [1152]

This can vary depending on the version of Robo-FTP you are using.

This error message means that either:

  • You have not previously accepted and stored the host certificate or key fingerprint
  • You have previously accepted and stored the server host certificate or host key fingerprint and it does not match the one you receive when you connect this time

If you wish to accept and store the current certificate/key fingerprint, you should connect to the site with the Robo-FTP Configurator by navigating to the Manage Sites tab, selecting the relevant site, and clicking the Edit button. You should then click the Test button.

The software will display a pop-up message with the fingerprint and give you an opportunity to accept and store the fingerprint.

Once you have accepted and stored the fingerprint, your Robo-FTP script should no longer return this error.

If you are using an older version of Robo-FTP that does not have a Test button in the Site Manager of the Configurator, you can accomplish the same thing from your script.

Assuming you have created an entry in the Site Manager for your SFTP or FTPS site named "MyConnection," launch Robo-FTP and run the following commands directly from the main console window.

FTPLOGON "MyConnection" /trust=all
FTPLOGOFF

You should now be able to run Robo-FTP scripts that connect to this server without using the /trust=all option.

NOTE: Your script will return an error if at some point in the future the server changes its certificate / key. If this happens, simply connect again manually with the /trust=all option to store the new site information.

Article last updated: 2022-01-10

Tags: SFTP, SSH, fingerprint