Secure FTP with Client Certificate

Chilkat FTP2 provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). This example demonstrates how to load a certificate from a .pfx and use it as the client-side SSL cert. Note: Client-side certificates are only needed in situations where the server demands one.

Download Chilkat FTP2 ActiveX

LOCAL loFtp
LOCAL lnSuccess
LOCAL loCertStore
LOCAL lcPassword
LOCAL loCert

loFtp = CreateObject('Chilkat.Ftp2')

*  Any string unlocks the component for the 1st 30-days.
lnSuccess = loFtp.UnlockComponent("Anything for 30-day trial")
IF (lnSuccess <> 1) THEN
    =MESSAGEBOX(loFtp.LastErrorText)
    QUIT
ENDIF

*  You may use this account for testing.
*  This account allows for directory listings and files
*  to be downloaded.  However, file uploads are not allowed.
loFtp.Hostname = "ftp.secureftp-test.com"
loFtp.Username = "test"
loFtp.Password = "test"

*  Establish an explicit secure channel after connection
*  on the standard FTP port 21.
loFtp.AuthTls = 1

*  The Ssl property is for establishing an implicit SSL connection
*  on port 990.  Do not set it.
loFtp.Ssl = 0

*  Load a certificate from a .pfx
*  A PFX may contain several certs, including the certificates
*  in a chain of authority.
loCertStore = CreateObject('Chilkat.CertStore')

lcPassword = "***"
*  Load the certs from a PFX into an in-memory certificate store:
lnSuccess = loCertStore.LoadPfxFile("chilkat.pfx",lcPassword)
IF (lnSuccess <> 1) THEN
    ? loCertStore.LastErrorText
    QUIT
ENDIF

*  Find the exact cert we'll use:

loCert = loCertStore.FindCertBySubject("Chilkat Software, Inc.")
IF (loCert = NULL ) THEN
    ? "Certificate not found!"
    QUIT
ENDIF

*  Use this certificate for our secure (SSL/TLS) connection:
loFtp.SetSslClientCert(loCert)
RELEASE loCert

*  Connect and login to the FTP server.  The connection is
*  made secure because of the AuthTls setting.
lnSuccess = loFtp.Connect()
IF (lnSuccess <> 1) THEN
    =MESSAGEBOX(loFtp.LastErrorText)
    QUIT
ELSE
    *  LastErrorText contains information even when
    *  successful. This allows you to visually verify
    *  that the secure connection actually occurred.
    ? loFtp.LastErrorText
ENDIF

=MESSAGEBOX("Secure FTP Channel Established!")

*  Do whatever you're doing to do ...
*  upload files, download files, etc...

loFtp.Disconnect()

*  The LastErrorText provides a detailed log of the
*  SSL connection for both success and failed connections.
*  Here is an example of a successful connection.
*  The client certificate is logged as "ClientCertDN":

*  ChilkatLog:
*    Connect:
*      DllDate: Aug 15 2007
*      Hostname: ftp.secureftp-test.com
*      Port: 21
*      IdleTimeoutMs: 60000
*      ConnectTimeout: 60
*      HeartbeatMs: 0
*      initialStatus: 220
*      initialResponse: 220 FileZilla Server version 0.9.23 beta
*      converting to secure connection...
*      ClientCertDN: C=US, S=Illinois, L=Wheaton, O="Chilkat Software, Inc.", OU=Secure Application Development, CN="Chilkat Software, Inc."
*      SSL Server Certificate not verified.
*      ConnectionInfo:
*        protocol: TLS1
*        cipher: RC4
*        cipherStrength: 128
*        hash: MD5
*        hashStrength: 128
*        keyExchange: RSA
*        keyExchangeStrength: 1024
*      Secure Channel Established.
*      successfully converted to secure connection...
*      Features: 211-Features:
*   MDTM
*   REST STREAM
*   SIZE
*   MLST type*;size*;modify*;
*   MLSD
*   AUTH SSL
*   AUTH TLS
*   UTF8
*   CLNT
*   MFMT
*  211 End
*      Directory listings are utf-8
*      Logging in...
*      Username: test
*      Login successful.
*      Connect successful