Secure FTP with Client Certificate

Chilkat FTP2 provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). This example demonstrates how to load a certificate from a .pfx and use it as the client-side SSL cert. Note: Client-side certificates are only needed in situations where the server demands one.

Download Chilkat FTP2 ActiveX

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
set ftp = Server.CreateObject("Chilkat.Ftp2")

'  Any string unlocks the component for the 1st 30-days.
success = ftp.UnlockComponent("Anything for 30-day trial")
If (success <> 1) Then
    Response.Write ftp.LastErrorText & "<br>"

End If

'  You may use this account for testing.
'  This account allows for directory listings and files
'  to be downloaded.  However, file uploads are not allowed.
ftp.Hostname = "ftp.secureftp-test.com"
ftp.Username = "test"
ftp.Password = "test"

'  Establish an explicit secure channel after connection
'  on the standard FTP port 21.
ftp.AuthTls = 1

'  The Ssl property is for establishing an implicit SSL connection
'  on port 990.  Do not set it.
ftp.Ssl = 0

'  Load a certificate from a .pfx
'  A PFX may contain several certs, including the certificates
'  in a chain of authority.
set certStore = Server.CreateObject("Chilkat.CertStore")

password = "***"
'  Load the certs from a PFX into an in-memory certificate store:
success = certStore.LoadPfxFile("chilkat.pfx",password)
If (success <> 1) Then
    Response.Write Server.HTMLEncode( certStore.LastErrorText) & "<br>"

End If

'  Find the exact cert we'll use:

Set cert = certStore.FindCertBySubject("Chilkat Software, Inc.")
If (cert Is Nothing ) Then
    Response.Write Server.HTMLEncode( "Certificate not found!") & "<br>"

End If

'  Use this certificate for our secure (SSL/TLS) connection:
ftp.SetSslClientCert cert

'  Connect and login to the FTP server.  The connection is
'  made secure because of the AuthTls setting.
success = ftp.Connect()
If (success <> 1) Then
    Response.Write ftp.LastErrorText & "<br>"

Else
    '  LastErrorText contains information even when
    '  successful. This allows you to visually verify
    '  that the secure connection actually occurred.
    Response.Write Server.HTMLEncode( ftp.LastErrorText) & "<br>"
End If

Response.Write "Secure FTP Channel Established!" & "<br>"

'  Do whatever you're doing to do ...
'  upload files, download files, etc...

ftp.Disconnect 

'  The LastErrorText provides a detailed log of the
'  SSL connection for both success and failed connections.
'  Here is an example of a successful connection.
'  The client certificate is logged as "ClientCertDN":

'  ChilkatLog:
'    Connect:
'      DllDate: Aug 15 2007
'      Hostname: ftp.secureftp-test.com
'      Port: 21
'      IdleTimeoutMs: 60000
'      ConnectTimeout: 60
'      HeartbeatMs: 0
'      initialStatus: 220
'      initialResponse: 220 FileZilla Server version 0.9.23 beta
'      converting to secure connection...
'      ClientCertDN: C=US, S=Illinois, L=Wheaton, O="Chilkat Software, Inc.", OU=Secure Application Development, CN="Chilkat Software, Inc."
'      SSL Server Certificate not verified.
'      ConnectionInfo:
'        protocol: TLS1
'        cipher: RC4
'        cipherStrength: 128
'        hash: MD5
'        hashStrength: 128
'        keyExchange: RSA
'        keyExchangeStrength: 1024
'      Secure Channel Established.
'      successfully converted to secure connection...
'      Features: 211-Features:
'   MDTM
'   REST STREAM
'   SIZE
'   MLST type*;size*;modify*;
'   MLSD
'   AUTH SSL
'   AUTH TLS
'   UTF8
'   CLNT
'   MFMT
'  211 End
'      Directory listings are utf-8
'      Logging in...
'      Username: test
'      Login successful.
'      Connect successful

%>
</body>
</html>