mentalhard
Well-known member
- Joined
- Aug 7, 2006
- Messages
- 123
- Programming Experience
- Beginner
Hi,
Using an appliaction i have produced self-signed certificate.
Currently i have three files there:
cert.crt
cert.csr
cert.key
So my question is; how do i implement this certificate in the code in order to use an encrypted channel for transfering passwords and file contents.
The code i have works flawless with disabled FtpWebRequest's EnableSsl property.
If i enable the EnableSsl i am getting the next exception:
The remote certificate is invalid according to the validation procedure.
which is exception that is thrown when authentication fails for an authentication stream.
Ok then i tried to create new certificate from File:
But i still get the same message/exception.
Now if i understand well this Wikipedia statement:
Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom they are communicating. The next level of security—in which both ends of the "conversation" are sure with whom they are communicating—is known as mutual authentication.
I can go for the typical way of authentication only the server that means i do not need even self signed one.
However, i cannot find solution for my problem. I have noticed that actually many people are strugglling with the same problem but, it seems like there is not any good tutorial on how to properly either implement self-signed cert or use EnableSsl property along FtpWebRequest class without having cert on client side.
Thank you
_______________________________________________________
I was wondering if this can be of help; namely, I tested it from this FTP test web site http://www.g6ftpserver.com/en/ftptest and it returns following:
* About to connect() to domain.elementfx.com port 21
* Trying 70.86.238.xxx... connected
* Connected to domain.elementfx.com (xx.86.238.xxx) port 21
< 220---------- Welcome to Pure-FTPd [TLS] ----------
< 220-You are user number 2 of 50 allowed.
< 220-Local time is now 03:56. Server port: 21.
< 220-This is a private system - No anonymous login
< 220-IPv6 connections are also welcome on this server.
< 220 You will be disconnected after 15 minutes of inactivity.
> AUTH SSL
< 500 This security scheme is not implemented
> AUTH TLS
< 234 AUTH TLS OK.
* successfully set certificate verify locations:
* CAfile: d:\www-bin\curl\curl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using AES256-SHA
* Server certificate:
* subject: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=cossacks.x10hosting.com/emailAddress=ssl@cpanel.net
* start date: 2007-09-21 14:51:55 GMT
* expire date: 2035-02-05 14:51:55 GMT
* common name: cossacks.x10hosting.com (does not match 'domain.elementfx.com')
* issuer: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=cossacks.x10hosting.com/emailAddress=ssl@cpanel.net
* SSL certificate verify result: error number 1 (18), continuing anyway.
> USER trial
< 331 User trial OK. Password required
> PASS *****
< 230-User trial has group access to: trial
< 230 OK. Current restricted directory is /
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 534 Fallback to [C]
> PWD
< 257 "/" is your current location
* Entry path is '/'
> CLNT Testing from http://www.g6ftpserver.com/ftptest from IP xx.205.28.xxx
< 500 Unknown command
* QUOT command failed with 500
* Connection #0 to host domain.elementfx.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Thanks ones agains
Using an appliaction i have produced self-signed certificate.
Currently i have three files there:
cert.crt
cert.csr
cert.key
So my question is; how do i implement this certificate in the code in order to use an encrypted channel for transfering passwords and file contents.
The code i have works flawless with disabled FtpWebRequest's EnableSsl property.
VB.NET:
FtpWebRequest request = (FtpWebRequest)WebRequest.Create(serverUri);
request.Credentials = new NetworkCredential("xxxxxl", "xxxxxx");
request.UsePassive = true;
request.EnableSsl = false;
request.Method = WebRequestMethods.Ftp.ListDirectory;
// normally the exception is always thrown on this line
FtpWebResponse response = (FtpWebResponse)request.GetResponse();If i enable the EnableSsl i am getting the next exception:
The remote certificate is invalid according to the validation procedure.
which is exception that is thrown when authentication fails for an authentication stream.
Ok then i tried to create new certificate from File:
VB.NET:
X509Certificate cert = X509Certificate.CreateFromCertFile(@"C:\TestTLS\CERTS\cert.crt");
request.ClientCertificates.Add(cert);But i still get the same message/exception.
Now if i understand well this Wikipedia statement:
Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom they are communicating. The next level of security—in which both ends of the "conversation" are sure with whom they are communicating—is known as mutual authentication.
I can go for the typical way of authentication only the server that means i do not need even self signed one.
However, i cannot find solution for my problem. I have noticed that actually many people are strugglling with the same problem but, it seems like there is not any good tutorial on how to properly either implement self-signed cert or use EnableSsl property along FtpWebRequest class without having cert on client side.
Thank you
_______________________________________________________
I was wondering if this can be of help; namely, I tested it from this FTP test web site http://www.g6ftpserver.com/en/ftptest and it returns following:
* About to connect() to domain.elementfx.com port 21
* Trying 70.86.238.xxx... connected
* Connected to domain.elementfx.com (xx.86.238.xxx) port 21
< 220---------- Welcome to Pure-FTPd [TLS] ----------
< 220-You are user number 2 of 50 allowed.
< 220-Local time is now 03:56. Server port: 21.
< 220-This is a private system - No anonymous login
< 220-IPv6 connections are also welcome on this server.
< 220 You will be disconnected after 15 minutes of inactivity.
> AUTH SSL
< 500 This security scheme is not implemented
> AUTH TLS
< 234 AUTH TLS OK.
* successfully set certificate verify locations:
* CAfile: d:\www-bin\curl\curl-ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using AES256-SHA
* Server certificate:
* subject: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=cossacks.x10hosting.com/emailAddress=ssl@cpanel.net
* start date: 2007-09-21 14:51:55 GMT
* expire date: 2035-02-05 14:51:55 GMT
* common name: cossacks.x10hosting.com (does not match 'domain.elementfx.com')
* issuer: /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=cossacks.x10hosting.com/emailAddress=ssl@cpanel.net
* SSL certificate verify result: error number 1 (18), continuing anyway.
> USER trial
< 331 User trial OK. Password required
> PASS *****
< 230-User trial has group access to: trial
< 230 OK. Current restricted directory is /
> PBSZ 0
< 200 PBSZ=0
> PROT P
< 534 Fallback to [C]
> PWD
< 257 "/" is your current location
* Entry path is '/'
> CLNT Testing from http://www.g6ftpserver.com/ftptest from IP xx.205.28.xxx
< 500 Unknown command
* QUOT command failed with 500
* Connection #0 to host domain.elementfx.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
Thanks ones agains
