Tcl
Tcl
Using WS_FTP Self-signed Certificate file (.crt) and Private Key File. (.key)
See more FTP Examples
Demonstrates how to use a self-signed certificate created by WS_FTP with Chilkat FTP2.Note: It is usually not necessary for the FTP client to use a client-side certificate. Most FTP servers using SSL and TLS connections (explicit or implicit) do not require client-side certs. In addition, some high-security FTP servers require "real" certificates -- meaning certificates issued by a real certificate authority with a chain of authentication that leads to a trusted root certificate. The certificates created by WS_FTP are self-signed and untrusted.
Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# Important: Before running this program, convert your
# .crt and .key files to a .p12 using OpenSSL:
# The command is this:
# openssl pkcs12 -export -in test.crt -inkey test.key -out test.p12
#
set ftp [new_CkFtp2]
CkFtp2_put_Hostname $ftp "ftp.example.com"
CkFtp2_put_Port $ftp 21
CkFtp2_put_Username $ftp "testLogin"
CkFtp2_put_Password $ftp "testPassword"
# This example will use explict TLS/SSL.
# Establish an explicit secure channel after connection
# on the standard FTP port 21.
CkFtp2_put_AuthTls $ftp 1
# The Ssl property is for establishing an implicit SSL connection
# on port 990. Because this example uses explicit SSL, it
# should remain 0.
CkFtp2_put_Ssl $ftp 0
# Create an instance of a certificate store object, load a .p12 file,
# locate the certificate we need, and use it for signing.
# (a P12/PFX file may contain more than one certificate.)
set certStore [new_CkCertStore]
# The 1st argument is the filename, the 2nd arg is the
# .p12 file's password. (OpenSSL will prompty you to set a password
# when converting the .crt and .key into a .p12).
set success [CkCertStore_LoadPfxFile $certStore "test.p12" "secret"]
if {$success != 1} then {
puts [CkCertStore_lastErrorText $certStore]
delete_CkFtp2 $ftp
delete_CkCertStore $certStore
exit
}
set jsonCN [new_CkJsonObject]
CkJsonObject_UpdateString $jsonCN "CN" "cert common name"
set cert [new_CkCert]
set success [CkCertStore_FindCert $certStore $jsonCN $cert]
if {$success == 0} then {
puts [CkCertStore_lastErrorText $certStore]
delete_CkFtp2 $ftp
delete_CkCertStore $certStore
delete_CkJsonObject $jsonCN
delete_CkCert $cert
exit
}
set success [CkFtp2_SetSslClientCert $ftp $cert]
# Connect and login to the FTP server.
set success [CkFtp2_Connect $ftp]
if {$success != 1} then {
puts [CkFtp2_lastErrorText $ftp]
delete_CkFtp2 $ftp
delete_CkCertStore $certStore
delete_CkJsonObject $jsonCN
delete_CkCert $cert
exit
} else {
# LastErrorText contains information even when
# successful. This allows you to visually verify
# that the secure connection actually occurred.
puts [CkFtp2_lastErrorText $ftp]
}
puts "Secure FTP Channel Established!"
puts [CkFtp2_lastErrorText $ftp]
# Do whatever you're doing to do ...
# upload files, download files, etc...
# ...
# ...
set success [CkFtp2_Disconnect $ftp]
delete_CkFtp2 $ftp
delete_CkCertStore $certStore
delete_CkJsonObject $jsonCN
delete_CkCert $cert