RE: [EXTERNAL] SSL/TLS issue with FTP -- MIDRANGE-L

This is exactly what happened to us.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Pete Helgren
Sent: Monday, September 29, 2025 12:26 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: [EXTERNAL] SSL/TLS issue with FTP

FWIW, I just went through this myself. I was mystified as to why my
sites weren't connecting. The new cert was using an updated/new
intermediate and the old one, seemed to be the issue. My Letsencrypt
certs are signed by Letsencrypt R12 and R13 which are, in turn, signed
by ISRG Root X1. I don't recall if the intermediates had expired or
that the Letencrypt certificate update required a different
intermediate, but I downloaded and installed the R12 and R13
intermediates , which I never recall having to do before (been using LE
for years).

Selecting the certificate in DCM and then viewing the Certificate
Hierarchy told me everything I needed to know. But it was strange
because, like I said, I never had to download new intermediates before.

Pete Helgren
https://protect.checkpoint.com/v2/r01/___www.petesworkshop.com___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzphNzgyZTcwZjJiMjM3ODlmMzZhNWQ0ZTgzODFhYjE2Mzo3OjRiM2U6MTBjNGM1ODNlN2QyMzRhN2M2ZWFiYzRjMzcyZDQyNmFmMzc2MTYzYjY5ZDhiOGE2ZWM5ZGQyZWEwOGJkM2M0NzpwOlQ6Rg
CISSP - MSCM
GIAC Cloud Penetration Tester
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals

On 9/29/2025 10:16 AM, Greg Wilburn wrote:

We had to manually download and add the intermediate certificate.

This is crazy... these certificates expire every 90 days. Surely they should renew.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Greg Wilburn
Sent: Monday, September 29, 2025 9:02 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: [EXTERNAL] SSL/TLS issue with FTP

Our hosted FTP server must have updated the certificate over the weekend. We are not unable to connect using
FTP RMTSYS(myftpserver) SECCNN(*SSL)

The error is
234 AUTH TLS successful
The server's certificate is not signed by a trusted certificate authority.
Do you want to trust the server's certificate temporarily in this session? (y/n)
Secure connection error, return code 6000

Connecting from a PC works just fine. The CA is "Let's Encrypt".

In DCM, I've populated all of the Let's Encrypt CA's along with ISRG Root 1 and 2.

What am I missing?
[Logo]<https://protect.checkpoint.com/v2/r01/___https://www.totalbizfulfillment.com/___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzphNzgyZTcwZjJiMjM3ODlmMzZhNWQ0ZTgzODFhYjE2Mzo3OjJkMzE6ZTE5MzIwMDMxZTVmNjIxOGVjMTQ0MDViODEyY2Q2ZjIxYzI2ZDM0N2U4M2Q1OTdjYjc1NGI0OTUxNzdhY2NhZDpwOlQ6VA> Greg Wilburn
Director of IT
301.895.3792 ext. 1231
301.895.3895 direct
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx<mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx>
1 Corporate Dr
Grantsville, MD 21536
https://protect.checkpoint.com/v2/r01/___www.totalbizfulfillment.com___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzphNzgyZTcwZjJiMjM3ODlmMzZhNWQ0ZTgzODFhYjE2Mzo3OjEwYmE6MWZkYWZmNzA5MDk3YmJkZDk3YjZmODY3OWIxOTEzYmVkYjdjYzBiYmJlNzhhZGRlZWRhYjljYjc0YjlhZDFjYzpwOlQ6Rg<https://protect.checkpoint.com/v2/r01/___http://www.totalbizfulfillment.com___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzphNzgyZTcwZjJiMjM3ODlmMzZhNWQ0ZTgzODFhYjE2Mzo3OmQ5ZWE6NWYwNDFhY2M3NDU5YjA0MmNhNjRhODQxOGFjZTdiOGJlNzhjZjU3MmU2Yjg2OGU1NGRmYjlmMzRiY2Q4NDlkYjpwOlQ6VA>
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://protect.checkpoint.com/v2/r01/___https://lists.midrange.com/rfnqrfsdqnxynsktdrniwfslj-q___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzphNzgyZTcwZjJiMjM3ODlmMzZhNWQ0ZTgzODFhYjE2Mzo3OjE4NGM6NjU0YTU3NjcyNDhlYjcwY2IzNmI0MzRjNmJiYjI3MGM1NDFkYzQ1NmY4NGE0YmExNzQyN2Y4YWJlNjQ1ODljMzpwOlQ6VA
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://protect.checkpoint.com/v2/r01/___https://archive.midrange.com/rniwfslj-q___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzphNzgyZTcwZjJiMjM3ODlmMzZhNWQ0ZTgzODFhYjE2Mzo3OjU2MDU6Njk4YWQyZGQ1NzkzNzMzYTQzMTE1Y2I0ZDA2YzI5NzBkOGFmMjIwMTYzYzk3ZGU0ZmFjODY4ZWM3N2EzM2QwZDpwOlQ6VA.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

[CAUTION! This email originated outside of the organization. Please do not open attachments or click links from an unknown or suspicious origin.]

Greg Wilburn
Director of IT
301.895.3792 ext. 1231

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://protect.checkpoint.com/v2/r01/___https://lists.midrange.com/rfnqrfsdqnxynsktdrniwfslj-q___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzphNzgyZTcwZjJiMjM3ODlmMzZhNWQ0ZTgzODFhYjE2Mzo3OmE3NzE6NjY2ZDIxMDI0ZjEzYTJiYTExOWY0NWE0ZGZlOTIyNjlmYTU4YmE5YWIzZDVkNzZmOTIzMDEwYWFkOTdmMGQyYTpwOlQ6VA
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://protect.checkpoint.com/v2/r01/___https://archive.midrange.com/rniwfslj-q___.YzJ1OnRvdGFsYml6ZnVsZmlsbG1lbnQxOmM6bzphNzgyZTcwZjJiMjM3ODlmMzZhNWQ0ZTgzODFhYjE2Mzo3OjQzODI6NWE3MjRmOWI5NGJkMTYzODRjYjQ5YWY0ODhiZWUyZjg2ZGVkZTI1ODA0ZDhhMWVkNTE0OWRlMjBhMTNjODNhMjpwOlQ6VA.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Greg Wilburn
Director of IT
301.895.3792 ext. 1231