Secure FTP with Client Certificate

Chilkat FTP2 provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). This example demonstrates how to load a certificate from a .pfx and use it as the client-side SSL cert. Note: Client-side certificates are only needed in situations where the server demands one.

Download Chilkat Python 2.5 Library

Download Chilkat Python 2.6 Library

Download Chilkat Python 2.6 Library (x64)

import sys
import chilkat

ftp = chilkat.CkFtp2()

#  Any string unlocks the component for the 1st 30-days.
success = ftp.UnlockComponent("Anything for 30-day trial")
if (success != True):
    print ftp.lastErrorText()
    sys.exit()

#  You may use this account for testing.
#  This account allows for directory listings and files
#  to be downloaded.  However, file uploads are not allowed.
ftp.put_Hostname("ftp.secureftp-test.com")
ftp.put_Username("test")
ftp.put_Password("test")

#  Establish an explicit secure channel after connection
#  on the standard FTP port 21.
ftp.put_AuthTls(True)

#  The Ssl property is for establishing an implicit SSL connection
#  on port 990.  Do not set it.
ftp.put_Ssl(False)

#  Load a certificate from a .pfx
#  A PFX may contain several certs, including the certificates
#  in a chain of authority.
certStore = chilkat.CkCertStore()

password = "***"
#  Load the certs from a PFX into an in-memory certificate store:
success = certStore.LoadPfxFile("chilkat.pfx",password)
if (success != True):
    print certStore.lastErrorText()
    sys.exit()

#  Find the exact cert we'll use:

cert = certStore.FindCertBySubject("Chilkat Software, Inc.")
if (cert == None ):
    print "Certificate not found!"
    sys.exit()

#  Use this certificate for our secure (SSL/TLS) connection:
ftp.SetSslClientCert(cert)

#  Connect and login to the FTP server.  The connection is
#  made secure because of the AuthTls setting.
success = ftp.Connect()
if (success != True):
    print ftp.lastErrorText()
    sys.exit()
else:
    #  LastErrorText contains information even when
    #  successful. This allows you to visually verify
    #  that the secure connection actually occurred.
    print ftp.lastErrorText()

print "Secure FTP Channel Established!"

#  Do whatever you're doing to do ...
#  upload files, download files, etc...

ftp.Disconnect()

#  The LastErrorText provides a detailed log of the
#  SSL connection for both success and failed connections.
#  Here is an example of a successful connection.
#  The client certificate is logged as "ClientCertDN":

#  ChilkatLog:
#    Connect:
#      DllDate: Aug 15 2007
#      Hostname: ftp.secureftp-test.com
#      Port: 21
#      IdleTimeoutMs: 60000
#      ConnectTimeout: 60
#      HeartbeatMs: 0
#      initialStatus: 220
#      initialResponse: 220 FileZilla Server version 0.9.23 beta
#      converting to secure connection...
#      ClientCertDN: C=US, S=Illinois, L=Wheaton, O="Chilkat Software, Inc.", OU=Secure Application Development, CN="Chilkat Software, Inc."
#      SSL Server Certificate not verified.
#      ConnectionInfo:
#        protocol: TLS1
#        cipher: RC4
#        cipherStrength: 128
#        hash: MD5
#        hashStrength: 128
#        keyExchange: RSA
#        keyExchangeStrength: 1024
#      Secure Channel Established.
#      successfully converted to secure connection...
#      Features: 211-Features:
#   MDTM
#   REST STREAM
#   SIZE
#   MLST type*;size*;modify*;
#   MLSD
#   AUTH SSL
#   AUTH TLS
#   UTF8
#   CLNT
#   MFMT
#  211 End
#      Directory listings are utf-8
#      Logging in...
#      Username: test
#      Login successful.
#      Connect successful