edtFTPnet/PRO - Secure FTP component for .NET

How to use FTPS (with server validation - part A)

The topic How to use FTPS (introduction) describes the FTPS features of SecureFTPConnection.  This topic demonstrates the use of FTPS with server validation in the case where the server certificate's CommonName (CN) is the same as its address.

IMPORTANT: An FTPS compatible FTP server is required for this example.  You can download a free trial of CompleteFTP, a Windows FTPS server, from this link.

As in FTPS without server validation, the Protocol and ServerValidation properties must be set:

ftpConnection.Protocol = FileTransferProtocol.FTPSExplicit;
ftpConnection.ServerValidation = SecureFTPServerValidationType.Automatic;

Setting ServerValidation to Automatic instructs SecureFTPConnection to match the certificate that the server presents against those in the Windows Certificate Store or a pre-loaded certificate.  This means that either of the following must be true:

  1. the server certificate has been issued by a Certificate Authority, such as VeriSign or Thawte, whose certificate is in the Windows Certificate store (the “Trusted Root Certification Authorities”); OR
  2. the server's certificate itself is in the Windows Certificate store (the “Trusted Root Certification Authorities”); OR
  3. the server's certificate is loaded directly into SecureFTPConnection's ServerValidationCertificate property.

In the first case no manipulation of the Windows Certificate store is necessary. Most popular Certificate Authority certificates are installed in the store by default.

In the second case it is necessary to install the server certificate on the machine on which SecureFTPConnection is being used.  To do this, use the Windows Certificate Manager tool (you must be a member of the Administrators group). Select Run from the Start menu, and then enter certmgr.msc. Go to "Trusted Root Certification Authorities" and import your certificate.

This only needs to be done once since the certificate will remain in the store until it is removed.

In the third case the server certificate can be loaded into the ServerValidationCertificate property via the SSLFTPCertificate.CreateFromFile method.

Once the server certificate is loaded, or the Certificate Authority that issued it is in the Windows certificate store, Connect() may simply be called to establish a secure connection:

ftpConnection.Connect();

While the secure connection is being established the CommonName (CN) of the server certificate is checked. If this check fails, the connection will fail. Please refer to How to use FTPS (with server validation - part B) and How to use FTPS (with server validation - part C) for more details on this issue.
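
A pre-flight check for the three trust cases and the CommonName check described above, given a copy of the server certificate as a file. This is an added example, not edtFTPnet/PRO code: it uses only the standard .NET X509 classes (.NET Framework 4.6 or later assumed), the class name FtpsTrustPreflight is hypothetical, and the simple equality test is an assumption standing in for the component's own CN check.

```csharp
// Added example: pre-flight check for FTPS server validation (standard .NET APIs only).
using System;
using System.Security.Cryptography.X509Certificates;

static class FtpsTrustPreflight
{
    // True if this exact certificate is in "Trusted Root Certification Authorities".
    static bool InRootStore(X509Certificate2 cert, StoreLocation location)
    {
        using (var store = new X509Store(StoreName.Root, location))
        {
            store.Open(OpenFlags.ReadOnly);
            return store.Certificates
                .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: preflight <server-cert-file> <server-address>");
            return 2;
        }
        using (var cert = new X509Certificate2(args[0]))
        using (var chain = new X509Chain())
        {
            // Keep the check offline: trust path only, no CRL/OCSP lookups.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            bool chainsToRoot = chain.Build(cert);

            if (InRootStore(cert, StoreLocation.CurrentUser) ||
                InRootStore(cert, StoreLocation.LocalMachine))
                Console.WriteLine("Trust: case 2, the certificate itself is in the root store.");
            else if (chainsToRoot)
                Console.WriteLine("Trust: case 1, issued by a CA already in the store.");
            else
                Console.WriteLine("Trust: not in the store; case 3 applies, load this file " +
                                  "into ServerValidationCertificate.");

            // SimpleName returns the subject CN when the certificate has one.
            string cn = cert.GetNameInfo(X509NameType.SimpleName, false);
            // Assumption: case-insensitive equality stands in for the component's CN check.
            bool cnMatches = string.Equals(cn, args[1], StringComparison.OrdinalIgnoreCase);
            Console.WriteLine("CN '{0}' {1} address '{2}'.", cn,
                              cnMatches ? "matches" : "does NOT match", args[1]);
            return cnMatches ? 0 : 1;
        }
    }
}
```

A non-zero exit code means the CN differs from the address the client will connect to, which is the situation parts B and C cover.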