Server's certificate is unknown when using ftp with cPanel

[ArjunSuhass]

I have a VPS hosting with both WHM/cPanel and SSH root access, I created an FTP account using cPanel, now when I try to connect using fileZilla I get the following
Warning:
The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted. etc etc. and at the bottom under Session details a red text saying Hostname doesn't match certificate.

Now I'm familiar with SSH/CLI and can navigate anywhere in the server without any trouble if graphical cPanel access is not enough, but don't have in depth knowledge about SSL certificates or networking in general so at a loss where to even begin. Of course I tried googling first in case this is a common case but without avail, so I need at least a clue to the right direction, for starters, should I check some values from some files in the server and match with something showing in the message?

Here's the screenshots of the server certificate from a browser:

imgur.com

Discover the magic of the internet at Imgur, a community powered entertainment destination. Lift your spirits with funny jokes, trending memes, entertaining gifs, inspiring stories, viral videos, and so much more from users like Apklub.

imgur.com

And here's the popup warning window from FileZilla while trying to connect to the server:

imgur.com

Discover the magic of the internet at Imgur, a community powered entertainment destination. Lift your spirits with funny jokes, trending memes, entertaining gifs, inspiring stories, viral videos, and so much more from users like Apklub.

imgur.com

 

[quietFinn]

If the certificate is for the server you are connecting to it's normal, and you can ignore that message.

 

[ArjunSuhass]

Okay @quietFinn thanks for the Support

 

[cPRex]

Yes, this is just like when you make an SSH connection to a machine for the first time and it asks if you're sure you recognize the host. Nothing to be concerned with at all here since the screenshots show the SSL is valid.

 

[plesk4lyf]

@ArjunSuhass the reason for the warning is in the screenshot:
Host: 263research.com:21 - Hostname does not match certificate

That's because the certificate Common Name doesn't mention 263research.com . The certificate is for Common Name: v5837.securen.net.

If you instead connect to v5837.securen.net, you'll still get the prompt, but there'll be no warning about the name not matching.

I vaguely remember out of pureftp and proftp, one of them doesn't support SNI, which allows you to use individual SSL certificates to cover the configured hostnames. It's not mentioned on in the documentation of differences: FTP Server Selection | cPanel & WHM Documentation

@cPRex would know!

 

[ecartz]

Warning:
The server's certificate is unknown. Please carefully examine the certificate to make sure the server can be trusted.

This is perfectly normal and expected. The first time you connect, the certificate is unknown.

It may be possible to configure FileZilla to look the same place as your SSH client to see if a certificate is known. This would be highly dependent on what SSH client you use. Or you could replace FileZilla with another FTP client that interacts better with your SSH client. It looks like FileZilla itself uses PuTTY. I do not know if using PuTTY would be sufficient.

at the bottom under Session details a red text saying Hostname doesn't match certificate.

This is not as expected. If you are sure that v5837.securen.net is supposed to host 263research.com, you can ignore it or connect to the host using the name the certificate expects.

It is also generally possible to use a certificate to cover multiple domains, which would be a better fix if your clients are going to use SSL-secured FTP or SSH. According to this link both PureFTPD and ProFTPD now support SNI (which is used to allow a certificate to answer multiple domains on the same IP). However, you may have to use a particular version (or install modules), as they may not come with it by default. This link claims that FileZilla supports SNI.

My main point here is that you are getting two different messages. This is why you are getting different advice. The certificate being unknown is normal and many get in the habit of ignoring it (which makes that particular warning not as useful as it would otherwise be). There isn't a real fix for it other than accepting the certificate. The hostname not matching is less normal (although not that abnormal either) and may be possible to fix. It's possible that it won't allow you to permanently accept the certificate if the hostname doesn't match, so you might get the first message repeatedly rather than just once. I have provided several links to additional information, but I can't confirm that they are correct. I provide them mostly to give you an idea of the terminology involved if you want to do more research.

 

[cPRex]

"SNI support was not present in pure-ftpd 1.0.47. It was added in 1.0.48."

according to the pureftp docs.