How to use FTPS (with client/server validation)

The topic How to use FTPS (introduction) describes the FTPS features of SecureFTPConnection. This topic demonstrates the use of FTPS with server validation and client authentication through client certificates.

IMPORTANT: An FTPS compatible FTP server is required for this example. There are free FTPS-compatible servers available on Windows and *NIX platforms.

SecureFTPConnection may be configured such that it presents a client certificate upon request from the server. Note that the server will usually only request the client certificate if it has been configured to do so. In addition, the server will validate the client certificate in a manner similar to the way the client validates the server. This is, however, a server configuration issue and will not be covered here and we will simply assume that the server is able to validate the client's certificate.

SecureFTPConnection provides visual tools for loading client certificates at design-time or at runtime. To load a certificate at runtime the SSLFTPCertificate.PromptForCertificate method should be called:

This call shows appropriate dialogs for loading a certificate and a private key. Since the private key is password-protected a password prompt will also be displayed. If the flag is false then no private key will be loaded.

SSLFTPCertificate clientCertificate =
SSLFTPCertificate.CreateFromPEM(certFileName);
clientCertificate.AssociatePrivateKey(prvKeyFileName, password);

Note that there is no need to load the client certificate into the certificate store on the machine on which SecureFTPConnection is being used.

Note also that developers often experience problems when trying to load a private key from a Windows Service. The topic, Private Key Access Problems, discusses this issue.