FluentFTP: The remote certificate is invalid according to the validation procedure


When I try to connect to my FTP server to upload a file with FluentFTP I get this:

The remote certificate is invalid according to the validation procedure.

Yet FileZilla works fine with no error or warnings.

Am I doing something wrong, and if it's actually a problem with the server, how can I ignore this error?

Here's my code:

var credentials = new NetworkCredential(Username, Password);
FtpClient client = new FtpClient(Host, credentials)
{
    Port = Port,
    EncryptionMode = FtpEncryptionMode.Explicit
};
client.DataConnectionEncryption = true;

client.Connect();
var result = client.UploadFileAsync(FilePathName, RemotePathName, AllowOverwrite ? FtpExists.Overwrite : FtpExists.Skip, CreateRemoteDirectory, token).GetAwaiter().GetResult();
client.Disconnect();

I also tried adding the event client.ValidateCertificate += Client_ValidateCertificate;

private static void Client_ValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
{
    e.PolicyErrors = SslPolicyErrors.None;
}

but I couldn't get that to work either; I still get the same error.

Here's the output from FileZilla:

Status: Selected port usually in use by a different protocol.
Status: Resolving address of xxxxxxxxxxxxxxxxxxxxxx
Status: Connecting to xxx.xxx.xxx.xxx:xx...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing of "xxxxxxxxxxxxx"...
Status: Directory listing of "xxxxxxxxxxxxx" successful

Solution

  • Client_ValidateCertificate needs to manually accept the certificate like this:

    private static void Client_ValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
    {
        e.Accept = true;
    }
    

    However, it's really a bad idea to just blindly accept any certificate. I ended up doing something like this:

    private void Client_ValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
    {
        if (e.PolicyErrors == SslPolicyErrors.None || e.Certificate.GetRawCertDataString() == TrustedRawCertData)
        {
            e.Accept = true;
        }
        else
        {
            throw new Exception($"{e.PolicyErrors}{Environment.NewLine}{GetCertificateDetails(e.Certificate)}");
        }
    }
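A self-contained variant of the pinning handler above, added here as an example; it is not part of the original answer and not FluentFTP's own code. It pins the SHA-256 fingerprint of the server certificate instead of the raw certificate string. `PinnedFtp`, `Create`, `OnValidateCertificate`, `Sha256Hex` and the `PinnedSha256` placeholder are names assumed for illustration, and the handler signature follows the FluentFTP version used on this page.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using FluentFTP;

static class PinnedFtp
{
    // Placeholder: hex SHA-256 of the server certificate (DER bytes), obtained out of band.
    private const string PinnedSha256 = "<SHA256-HEX-OF-YOUR-SERVER-CERTIFICATE>";

    public static FtpClient Create(string host, int port, NetworkCredential credentials)
    {
        var client = new FtpClient(host, credentials)
        {
            Port = port,
            EncryptionMode = FtpEncryptionMode.Explicit,
            DataConnectionEncryption = true
        };
        // Subscribe before Connect(): the handler is called during the TLS handshake.
        client.ValidateCertificate += OnValidateCertificate;
        return client;
    }

    private static void OnValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
    {
        // Case 1: the platform trusts the chain and the host name matches.
        if (e.PolicyErrors == SslPolicyErrors.None) { e.Accept = true; return; }

        // Case 2: validation failed, so accept only the exact pinned certificate.
        // A missing certificate yields an empty fingerprint, which never matches.
        string actual = e.Certificate == null ? "" : Sha256Hex(e.Certificate.GetRawCertData());
        e.Accept = actual.Length > 0 &&
                   string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);

        if (!e.Accept)
        {
            // Log enough detail to compare against the expected certificate.
            Console.Error.WriteLine($"Rejected FTPS certificate: errors={e.PolicyErrors}, " +
                $"subject={e.Certificate?.Subject}, issuer={e.Certificate?.Issuer}, sha256={actual}");
        }
    }

    private static string Sha256Hex(byte[] data)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
    }
}
```

The pin has to be updated whenever the server certificate is renewed; until then the handler rejects the new certificate and the connection fails closed.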