Connecting to FTPS using PHP and certificate as auth

Erik picture Erik · Apr 30, 2012 · Viewed 7.8k times · Source

I'm having a hard time setting up a connection to a FTPS.

I'm supposed to connect using SSL/TLS and AUTH (explicit standard). I've got a server address and a port (:60000) and a public key from the server owner as well as a certificate of my own.

After googling around I think curl is my best option but I don't really know what curl options to use.

Does anyone have a working example on a snippet which connects and uploads/downloads a file to such a FTPS?

This page has some info http://php.net/manual/en/function.curl-setopt.php E.g dong the same think but using username/password

$username = 'username';
$password = 'password';
$url = 'example.com';
$ftp_server = "ftp://" . $username . ":" . $password . "@" . $url;

echo "Starting CURL.\n";
$ch = curl_init();
echo "Set CURL URL.\n";

//curl FTP
curl_setopt($ch, CURLOPT_URL, $ftp_server);

//For Debugging
//curl_setopt($ch, CURLOPT_VERBOSE, TRUE);   

//SSL Settings
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_FTP_SSL, CURLFTPSSL_TRY);

//List FTP files and directories
curl_setopt($ch, CURLOPT_FTPLISTONLY, TRUE);

//Output to curl_exec
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

echo "Executing CURL.\n";
$output = curl_exec($ch);
curl_close($ch);
echo "Closing CURL.\n";
echo $output . "\n";
$files = explode("\n", $output);
print_r($files);

Any ideas how to use a certificate instead?

Thanks in advance!

Answer

J Griffiths picture J Griffiths · Oct 21, 2013

Late response I know, but I've also been struggling with this, and the following two blocks of code ended up working for me, so even if it's too late for you, maybe it'll help others. In my case, I only had to verify the peer with a CA certificate, so if you need to verify yourself with the peer (beyond user/pass of course), you may need to integrate the third block of code below.

Downloading (with CA certificate only)

$ftp_server = 'ftps://YOUR-SERVER-NAME/';
$ftp_user = 'FTP-USER-NAME';
$ftp_password = 'FTP-PASSWORD';

$ftp_certificate = 'PATH TO CA CERT'; 
// ...e.g./var/www/certs/ssl-certificate.pub.crt    
$source_file = 'REMOTE-FILE-PATH';
$destination_file = 'LOCAL-FILE-PATH';

$file = fopen($destination_file, 'w');

$ch = curl_init();

curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_URL, $ftp_server . $source_file);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, $ftp_user . ':' . $ftp_password);
curl_setopt($ch, CURLOPT_TIMEOUT, 400);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 400);
curl_setopt($ch, CURLOPT_FILE, $file);

//SSL
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, $ftp_certificate);
curl_setopt($ch, CURLOPT_FTP_SSL, CURLFTPSSL_ALL);
curl_setopt($ch, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_SSL);

curl_exec($ch);
$error_no = curl_errno($ch);
$error_msg = curl_error($ch);
curl_close ($ch);
if ($error_no == 0) {
    $msg = 'File downloaded succesfully.';
} else {
    $msg = 'File download error:' . $error_msg . ' | ' . $error_no;
}
fclose($file);
echo $msg;

Uploading (with CA certificate only)

$ftp_server = 'ftps://YOUR-SERVER-NAME/';
$ftp_user = 'FTP-USER-NAME';
$ftp_password = 'FTP-PASSWORD';

$ftp_certificate = 'PATH TO CA CERT'; 
// ...e.g./var/www/certs/ssl-certificate.pub.crt    
$source_file = 'LOCAL-FILE-PATH';
$destination_file = 'REMOTE-FILE-PATH';

$file = fopen($source_file, 'r');

$ch = curl_init();

curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
curl_setopt($ch, CURLOPT_URL, $ftp_server . $destination_file);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_USERPWD, $ftp_user . ':' . $ftp_password);
curl_setopt($ch, CURLOPT_TIMEOUT, 400);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 400);

curl_setopt($ch, CURLOPT_UPLOAD, 1);
curl_setopt($ch, CURLOPT_INFILE, $file);
curl_setopt($ch, CURLOPT_INFILESIZE, filesize($source_file));

//SSL stuff
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, $ftp_certificate);

curl_setopt($ch, CURLOPT_FTP_SSL, CURLFTPSSL_ALL);
curl_setopt($ch, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_SSL);

$upload_result = curl_exec($ch);
$upload_info = curl_getinfo($ch);
$error_no = curl_errno($ch);
$error_msg = curl_error($ch);
curl_close ($ch);
if ($error_no == 0) {
    $msg = 'File uploaded succesfully.';
} else {
    $msg = 'File upload error:' . $error_msg . ' | ' . $error_no;
}

fclose($file);
echo $msg . '(' . filesize($source_file) . ')';

You can check the response code like this for example:

if ($upload_info['http_code'] == '226') {...}

To add public / private keys (add this before curl_exec)

// A private SSL key.
// If your key file has a password, you will need to set
// this with CURLOPT_SSLKEYPASSWD
curl_setopt($ch, CURLOPT_SSLKEY, $keyFile);

// A PEM formatted certificate- with CURLOPT_SSLCERTTYPE
// you could also use DER or ENG formats
curl_setopt($ch, CURLOPT_SSLCERT, $certFile);
curl_setopt($ch, CURLOPT_SSLCERTPASSWD, $certPass);

You may of course have to fiddle with timemout limits in PHP, Apache, and also nginx, as I did in my case with a troublesome Plesk installation, if files are large and transfers are slow.