Connecting to FTPS (FTP over SSL) with FluentFTP

Asked 9/2, 2017 at 7:39 Answered 7/8, 2019 at 19:17

I am using IIS in my local machine for testing FTP with SSL connection. I am using the FluentFTP library for connecting to the FTP. I am using the following code to connect to the Server.

FtpClient conn = new FtpClient();
conn.Host = firewallSslDetails.Address;
conn.Credentials = new NetworkCredential(firewallSslDetails.UserName, firewallSslDetails.Password);
conn.SslProtocols = System.Security.Authentication.SslProtocols.Default;

X509Certificate2 cert = new X509Certificate2(@"C:\Users\BizTalk360\Desktop\FtpSites\ServerCert.cer");
conn.EncryptionMode = FtpEncryptionMode.Implicit;
conn.DataConnectionType = FtpDataConnectionType.AutoActive;
conn.DataConnectionEncryption = true;
conn.EnableThreadSafeDataConnections = false;
conn.ClientCertificates.Add(cert);
conn.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);

conn.Connect();

The server is returning me with the following error.

FluentFTP.FtpCommandException: Policy requires SSL.; Win32 error: Access is denied.; Error details: SSL policy requires SSL for control channel.;

For connecting over FTP the above code is working fine and for FTP with SSL it is not working.

Swallow answered 9/2, 2017 at 7:39 Comment(0)

As you seem to be connecting to the default port 21 (no explicit port specified anywhere), you need to use the "Explicit" mode:

conn.Config.EncryptionMode = FtpEncryptionMode.Explicit;

If the server uses a self-signed certificate, you may need to verify it programmatically. Do not blindly accept any certificate, as the answer by @Ivan does. That's a security flaw. Validate the specific certificate, e.g. by checking its fingerprint.

See FtpWebRequest "The remote certificate is invalid according to the validation procedure".

Peculate answered 9/2, 2017 at 8:22 Comment(0)

//try this , 

var cl = new FtpClient(Server, Port, User, Password);
            cl.EncryptionMode = FtpEncryptionMode.Implicit;
            cl.DataConnectionType = FtpDataConnectionType.AutoPassive;
            cl.DataConnectionEncryption = true;
            cl.SslProtocols = protocol;
            cl.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);
            var cer = new X509Certificate2(certificate);
            cl.ClientCertificates.Add(cer);
 System.Net.ServicePointManager.ServerCertificateValidationCallback = ServerCertificateValidationCallback;
 client.Connect();


 void OnValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
        {
            // add logic to test if certificate is valid here
            e.Accept = true;
        }
        private  bool ServerCertificateValidationCallback(object sender,
                                                X509Certificate certificate,
                                                X509Chain chain,
                                                SslPolicyErrors sslPolicyErrors)
        {
            return true;
        }

Halie answered 7/8, 2019 at 19:17 Comment(1)

Do not blindly accept any certificate. That's a security flaw. Validate the specific certificate, e.g. by checking its fingerprint. See FtpWebRequest "The remote certificate is invalid according to the validation procedure". – Peculate 14/4, 2021 at 4:39

Recommended topics

Hot tags