Secure FTP with Client Certificate

Chilkat FTP2 provides the ability to use a client certificate with secure FTP (implicit or explicit SSL/TLS). This example demonstrates how to load a certificate from a .pfx and use it as the client-side SSL cert. Note: Client-side certificates are only needed in situations where the server demands one.

Download Chilkat Python Library

import sys
import chilkat

ftp = chilkat.CkFtp2()

#  Any string unlocks the component for the 1st 30-days.
success = ftp.UnlockComponent("Anything for 30-day trial")
if (success != True):
    print ftp.lastErrorText()
    sys.exit()

#  You may use this account for testing.
#  This account allows for directory listings and files
#  to be downloaded.  However, file uploads are not allowed.
ftp.put_Hostname("ftp.secureftp-test.com")
ftp.put_Username("test")
ftp.put_Password("test")

#  Establish an explicit secure channel after connection
#  on the standard FTP port 21.
ftp.put_AuthTls(True)

#  The Ssl property is for establishing an implicit SSL connection
#  on port 990.  Do not set it.
ftp.put_Ssl(False)

#  Load a certificate from a .pfx
#  A PFX may contain several certs, including the certificates
#  in a chain of authority.
certStore = chilkat.CkCertStore()

password = "***"
#  Load the certs from a PFX into an in-memory certificate store:
success = certStore.LoadPfxFile("chilkat.pfx",password)
if (success != True):
    print certStore.lastErrorText()
    sys.exit()

#  Find the exact cert we'll use:

cert = certStore.FindCertBySubject("Chilkat Software, Inc.")
if (cert == None ):
    print "Certificate not found!"
    sys.exit()

#  Use this certificate for our secure (SSL/TLS) connection:
ftp.SetSslClientCert(cert)

#  Connect and login to the FTP server.  The connection is
#  made secure because of the AuthTls setting.
success = ftp.Connect()
if (success != True):
    print ftp.lastErrorText()
    sys.exit()
else:
    #  LastErrorText contains information even when
    #  successful. This allows you to visually verify
    #  that the secure connection actually occurred.
    print ftp.lastErrorText()

print "Secure FTP Channel Established!"

#  Do whatever you're doing to do ...
#  upload files, download files, etc...

ftp.Disconnect()

#  The LastErrorText provides a detailed log of the
#  SSL connection for both success and failed connections.
#  Here is an example of a successful connection.
#  The client certificate is logged as "ClientCertDN":

#  ChilkatLog:
#    Connect:
#      DllDate: Aug 15 2007
#      Hostname: ftp.secureftp-test.com
#      Port: 21
#      IdleTimeoutMs: 60000
#      ConnectTimeout: 60
#      HeartbeatMs: 0
#      initialStatus: 220
#      initialResponse: 220 FileZilla Server version 0.9.23 beta
#      converting to secure connection...
#      ClientCertDN: C=US, S=Illinois, L=Wheaton, O="Chilkat Software, Inc.", OU=Secure Application Development, CN="Chilkat Software, Inc."
#      SSL Server Certificate not verified.
#      ConnectionInfo:
#        protocol: TLS1
#        cipher: RC4
#        cipherStrength: 128
#        hash: MD5
#        hashStrength: 128
#        keyExchange: RSA
#        keyExchangeStrength: 1024
#      Secure Channel Established.
#      successfully converted to secure connection...
#      Features: 211-Features:
#   MDTM
#   REST STREAM
#   SIZE
#   MLST type*;size*;modify*;
#   MLSD
#   AUTH SSL
#   AUTH TLS
#   UTF8
#   CLNT
#   MFMT
#  211 End
#      Directory listings are utf-8
#      Logging in...
#      Username: test
#      Login successful.
#      Connect successful