Hello, I have the requirement to verify the certificate in a C# FTPS Client implementation actually using ChilkatDotNet45.dll 188.8.131.52. Using the docs I came across RequireSslCertVerify and set the property to true. As the docs say: "The certificate is expired, or if the cert's signature is invalid." this is verified, but I did not find a possibility to verify the CA of the certificate or the certificate chain. Is this possible with the chilkat FTPS implementation? Best regards Jochen Kluger
asked Aug 22 '16 at 10:40
You can get the server certificate by calling the GetSslServerCert method when connected via SSL/TLS.
I updated the documentation to clarify:
The server's certificate signature is verified with its issuer, and the issuer's cert is verified with its issuer, etc. up to the root CA cert. If a signature verification fails, the connection is not allowed. Also, if the certificate is expired, or if the cert's signature is invalid, the connection is not allowed.
A way for determining if the CA root is one you trust is shown here: https://www.example-code.com/csharp/http_trustedRoot.asp