Using WS_FTP Self-signed Certificate file (.crt) and Private Key File. (.key)

Demonstrates how to use a self-signed certificate created by WS_FTP with Chilkat FTP2.

Note: It is usually not necessary for the FTP client to use a client-side certificate. Most FTP servers using SSL and TLS connections (explicit or implicit) do not require client-side certs. In addition, some high-security FTP servers require "real" certificates -- meaning certificates issued by a real certificate authority with a chain of authentication that leads to a trusted root certificate. The certificates created by WS_FTP are self-signed and untrusted.

Downloads:

MS Windows Visual C/C++ Libraries

Linux/CentOS C/C++ Libraries

MAC OS X C/C++ Libraries

Solaris C/C++ Libraries

C++ Builder Libraries

#include <C_CkFtp2.h>
#include <C_CkCertStore.h>
#include <C_CkCert.h>

void ChilkatSample(void)
    {
    HCkFtp2 ftp;
    BOOL success;
    HCkCertStore certStore;
    HCkCert cert;

    //  Important:  Before running this program, convert your
    //  .crt and .key files to a .p12 using OpenSSL:
    //  The command is this:
    //  openssl pkcs12 -export -in test.crt -inkey test.key -out test.p12
    // 

    ftp = CkFtp2_Create();

    //  Any string unlocks the component for the 1st 30-days.
    success = CkFtp2_UnlockComponent(ftp,"Anything for 30-day trial");
    if (success != TRUE) {
        printf("%s\n",CkFtp2_lastErrorText(ftp));
        return;
    }

    CkFtp2_putHostname(ftp,"ftp.***.com");
    CkFtp2_putPort(ftp,21);
    CkFtp2_putUsername(ftp,"testLogin");
    CkFtp2_putPassword(ftp,"testPassword");

    //  This example will use explict TLS/SSL.
    //  Establish an explicit secure channel after connection
    //  on the standard FTP port 21.
    CkFtp2_putAuthTls(ftp,TRUE);

    //  The Ssl property is for establishing an implicit SSL connection
    //  on port 990.  Because this example uses explicit SSL, it
    //  should remain FALSE.
    CkFtp2_putSsl(ftp,FALSE);

    //  Create an instance of a certificate store object, load a .p12 file,
    //  locate the certificate we need, and use it for signing.
    //  (a P12/PFX file may contain more than one certificate.)
    certStore = CkCertStore_Create();
    //  The 1st argument is the filename, the 2nd arg is the
    //  .p12 file's password.  (OpenSSL will prompty you to set a password
    //  when converting the .crt and .key into a .p12).
    success = CkCertStore_LoadPfxFile(certStore,"test.p12","secret");
    if (success != TRUE) {
        printf("%s\n",CkCertStore_lastErrorText(certStore));
        return;
    }

    cert = CkCertStore_FindCertBySubjectCN(certStore,"Your cert's common name");
    if (cert == 0 ) {
        printf("%s\n",CkCertStore_lastErrorText(certStore));
        return;
    }

    CkFtp2_SetSslClientCert(ftp,cert);

    CkCert_Dispose(cert);

    //  Connect and login to the FTP server.
    success = CkFtp2_Connect(ftp);
    if (success != TRUE) {
        printf("%s\n",CkFtp2_lastErrorText(ftp));
        return;
    }
    else {
        //  LastErrorText contains information even when
        //  successful. This allows you to visually verify
        //  that the secure connection actually occurred.
        printf("%s\n",CkFtp2_lastErrorText(ftp));
    }

    printf("Secure FTP Channel Established!\n");
    printf("%s\n",CkFtp2_lastErrorText(ftp));

    //  Do whatever you're doing to do ...
    //  upload files, download files, etc...

    //  ...
    //  ...

    CkFtp2_Disconnect(ftp);

    CkFtp2_Dispose(ftp);
    CkCertStore_Dispose(certStore);

    }