Integration error: "The remote certificate is invalid according to the validation procedure." with an FTPS file location
When setting up a drop file integration with FTPS as the scan folder, the integration cannot start up and yields the error "The remote certificate is invalid according to the validation procedure."
BarTender 2016 and later
When setting up the Integration, the builder tries to reach out to the FTPS server to access the location. However, it receives an invalid certificate. This happens when the FTPS server is hosted in IIS and uses a self-signed certificate.
The self-signed certificate is actually missing specific keys that the Integration Builder wants to use in order to create a secure connection. We can actually see the same results if we try to connect to the FTPS site with FileZilla:
error -48 tells us the certificate key is incorrect and that the software can't establish a secure connection.
Creating a proper certificate
Open up an elevated power shell (WinKey+X) and type the following while replacing the HOSTNAME and FTPSLOCATION as your own. (note the quotes are required in these two locations)
PS C:\Windows\system32> new-selfsignedcertificate -dnsname "HOSTNAME" -certstorelocation "FTPSLOCATION" -friendlyname "powershellcert" -keydescription "self-signed cert" -keyalgorithm "RSA" -keylength "2048" -keyusage dataencipherment, keyencipherment, digitalsignature
Once you create the certificate, it will appear in your personal certificates on the computer
Adding the certificate to the IIS server
Locate the certificate in your computer's certificate store. You can find this in the Control Panel or search on your start menu:
When that opens, navigate to Personal > Certificates and locate the one you just created:
Right click on the key, go to All Tasks > Export. Save the key in a location you can find.
In the IIS Manager, locate your Server Certificates and Import the certificate into the list.
Now you should see the certificate listed here. Next on the FTPS site, locate the FTP SSL Settings and select the new certificate from the drop-down menu:
Once you save your settings, the error in the Integration goes away.
More Information (optional)
This seems to be an error with the IIS Self-signed Certificate process. Other self-signed certificate generators don't seem to have this issue.