Archived Forum Post

Question:

Verify SSL/TLS Certificate chain in FTPS

Aug 24 '16 at 13:25

Hello,

I have the requirement to verify the certificate in a C# FTPS Client implementation actually using ChilkatDotNet45.dll 9.5.0.45. Using the docs I came across RequireSslCertVerify and set the property to true. As the docs say: "The certificate is expired, or if the cert's signature is invalid." this is verified, but I did not find a possibility to verify the CA of the certificate or the certificate chain. Is this possible with the Chilkat FTPS implementation?

Best regards,
Jochen Kluger


Answer

You can get the server certificate by calling the GetSslServerCert method when connected via SSL/TLS.

I updated the documentation to clarify:

The server's certificate signature is verified with its issuer, and the issuer's cert is verified with its issuer, etc. up to the root CA cert. If a signature verification fails, the connection is not allowed. Also, if the certificate is expired, or if the cert's signature is invalid, the connection is not allowed.

A way for determining if the CA root is one you trust is shown here: https://www.example-code.com/csharp/http_trustedRoot.asp
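
The trusted-root decision discussed in the answer, as an added example that is not part of the original post and does not use Chilkat's API: it uses .NET's own `X509Chain` (.NET 5 or later) with a custom trust store, so a certificate is accepted only if its chain ends at a CA you chose. The certificates, the host name and the names `ChainTrustDemo`, `MakeRoot`, `MakeLeaf` and `ChainsToTrustedRoot` are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainTrustDemo
{
    // Constructed test data: a self-signed CA certificate (key kept alive for signing).
    static X509Certificate2 MakeRoot(string cn)
    {
        var key = RSA.Create(2048);
        var req = new CertificateRequest($"CN={cn}", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    // Constructed test data: an end-entity certificate signed by the given CA.
    static X509Certificate2 MakeLeaf(string cn, X509Certificate2 issuer)
    {
        using var key = RSA.Create(2048);
        var req = new CertificateRequest($"CN={cn}", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
        return req.Create(issuer, DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(7), new byte[] { 1, 2, 3, 4 });
    }

    // True only if signatures and validity dates check out AND the chain
    // terminates at one of the roots passed in (the OS trust store is ignored).
    static bool ChainsToTrustedRoot(X509Certificate2 serverCert, params X509Certificate2[] trustedRoots)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.AddRange(trustedRoots);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // demo certs publish no CRL/OCSP
        return chain.Build(serverCert);
    }

    static void Main()
    {
        var trustedCa = MakeRoot("Constructed Trusted CA");
        var otherCa = MakeRoot("Constructed Other CA");
        var serverCert = MakeLeaf("ftp.example.test", trustedCa);

        // Same server certificate, two different trust decisions.
        Console.WriteLine("Trusting the issuing CA:   " + ChainsToTrustedRoot(serverCert, trustedCa));
        Console.WriteLine("Trusting an unrelated CA:  " + ChainsToTrustedRoot(serverCert, otherCa));
    }
}
```

Revocation checking is switched off here only because the in-memory certificates have no CRL or OCSP endpoint.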