Connecting to FTPS (FTP over SSL) with FluentFTP

Jothi Prakash Anandan picture Jothi Prakash Anandan · Feb 9, 2017 · Viewed 20k times · Source

I am using IIS in my local machine for testing FTP with SSL connection. I am using the FluentFTP library for connecting to the FTP. I am using the following code to connect to the Server.

FtpClient conn = new FtpClient();
conn.Host = firewallSslDetails.Address;
conn.Credentials = new NetworkCredential(firewallSslDetails.UserName, firewallSslDetails.Password);
conn.SslProtocols = System.Security.Authentication.SslProtocols.Default;

X509Certificate2 cert = new X509Certificate2(@"C:\Users\BizTalk360\Desktop\FtpSites\ServerCert.cer");
conn.EncryptionMode = FtpEncryptionMode.Implicit;
conn.DataConnectionType = FtpDataConnectionType.AutoActive;
conn.DataConnectionEncryption = true;
conn.EnableThreadSafeDataConnections = false;
conn.ClientCertificates.Add(cert);
conn.ValidateCertificate += new FtpSslValidation(OnValidateCertificate);

conn.Connect();

The server is returning me with the following error.

FluentFTP.FtpCommandException: Policy requires SSL.; Win32 error: Access is denied.; Error details: SSL policy requires SSL for control channel.;

For connecting over FTP the above code is working fine and for FTP with SSL it is not working.

Answer

Martin Prikryl picture Martin Prikryl · Feb 9, 2017

As you seem to be connecting to the default port 21 (no explicit port specified anywhere), you need to use the "Explicit" mode:

conn.EncryptionMode = FtpEncryptionMode.Explicit;

If the server uses a self-signed certificate, you may need to verify it programmatically. Do not blindly accept any certificate, as the answer by @Ivan does. That's a security flaw. Validate the specific certificate, e.g. by checking its fingerprint.

See FtpWebRequest "The remote certificate is invalid according to the validation procedure".