4

I am trying download file through FTPS connection with port 990 (TLS) using FluentFTP.

But the code is not able to establish connection and showing exception as "The remote certificate is invalid according to the validation procedure."

The FTP server is connecting properly when I use FileZilla FTP tool manually (showing as it is connected through ftps over TLS (Implicit)

FtpClient fclient = new FtpClient(hostname, username, password); 
fclient.EncryptionMode = FtpEncryptionMode.Implicit;
fclient.SslProtocols = SslProtocols.Tls12; //Also tried with TLS1 and TLS
fclient.Port = 990;          
fclient.Connect();
Pradeep H
  • 592
  • 2
  • 7
  • 27
  • You have possibly manually made Filezilla accept the certificate. What if you try to connect with a new FTP client, like WinSCP? Would it connect without any prompt about certificate? – Martin Prikryl Sep 13 '18 at 20:18
  • https://stackoverflow.com/questions/19327840/certificate-validation-installation-for-ftps-ssl You might hack `ServerCertificateValidationCallback` as the question indicated. FluentFTP might have its own certificate validation handler if you check their documentation/source code. – Lex Li Sep 13 '18 at 23:39

2 Answers2

2

Try this (taken from ConnectFTPSCertificate.cs example of FluentFTP). The important part is the callback OnValidateCertificate.

public static async Task ConnectFTPSCertificateAsync() {
    var token = new CancellationToken();
    using (var conn = new FtpClient("127.0.0.1", "ftptest", "ftptest")) {

        conn.EncryptionMode = FtpEncryptionMode.Explicit;
        conn.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);
        await conn.ConnectAsync(token);
    }
}

private static void OnValidateCertificate(FtpClient control, FtpSslValidationEventArgs e) {
    if (e.PolicyErrors == System.Net.Security.SslPolicyErrors.None) {
        e.Accept = true;
    }
    else {
        // add logic to test if certificate is valid here
        // lookup the "Certificate" and "Chain" properties
        e.Accept = false;
    }
}
Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
Martin.Martinsson
  • 1,894
  • 21
  • 25
-1

I experienced the same issue. Pay attention that fluentFTP supports only external interfaces and not implicit I also tried ftpWebRequest without success. Try using winSCP.

Jennifer S
  • 1,419
  • 1
  • 24
  • 43
L Y
  • 1
  • 1
  • What is *"external interface"*? Don't you mean *explicit* (vs. *implicit*)? Though FluentFTP supports both explicit and implicit (the `FtpWebRequest` does not support *implicit*. – Martin Prikryl Jun 30 '21 at 05:56