The remote certificate is invalid according to the validation procedure
If you get the “The remote certificate is invalid according to the validation procedure” exception while trying to establish an SSL connection, most likely your server certificate is self-signed or you used an incorrect host name to connect. The host name must match the name on the certificate: for example, ftp.example.com and example.com may point to the same server, but if the certificate is issued only to ftp.example.com, that is the address you should use.
The good news is that you can accept self-signed certificates using Ftp.dll FTP and FTPS .NET component.
First you need to subscribe to the ServerCertificateValidate event.
Then you need to create a Validate method that validates the certificate (it ignores certificate chain and name mismatch errors).
// C# version
using System;
using System.Net.Security; // SslPolicyErrors

using (Ftp client = new Ftp())
{
    // Use custom certificate validation:
    client.ServerCertificateValidate +=
        new ServerCertificateValidateEventHandler(Validate);

    // Minimalistic version to accept any certificate:
    //
    //client.ServerCertificateValidate +=
    //    (sender, e) => { e.IsValid = true; };
    //

    client.ConnectSSL("ftp.example.org");
    client.Login("username", "password");

    foreach (FtpItem item in client.GetList())
    {
        if (item.IsFolder == true)
            Console.WriteLine("[{0}]", item.Name);
        else
            Console.WriteLine("{0}", item.Name);
    }
    client.Close();
}

private static void Validate(
    object sender,
    ServerCertificateValidateEventArgs e)
{
    const SslPolicyErrors ignoredErrors =
        // self-signed
        SslPolicyErrors.RemoteCertificateChainErrors
        // name mismatch
        | SslPolicyErrors.RemoteCertificateNameMismatch;

    // Valid only if no errors remain once the ignored ones are masked out
    if ((e.SslPolicyErrors & ~ignoredErrors)
        == SslPolicyErrors.None)
    {
        e.IsValid = true;
        return;
    }
    e.IsValid = false;
}
' VB.NET version
Using client As New Ftp()
    ' Use custom certificate validation:
    AddHandler client.ServerCertificateValidate, AddressOf Validate

    client.ConnectSSL("ftp.example.org")
    client.Login("username", "password")

    For Each item As FtpItem In client.GetList()
        If item.IsFolder = True Then
            Console.WriteLine("[{0}]", item.Name)
        Else
            Console.WriteLine("{0}", item.Name)
        End If
    Next
    client.Close()
End Using

Private Sub Validate( _
    ByVal sender As Object, _
    ByVal e As ServerCertificateValidateEventArgs)

    ' Ignored errors: chain errors (self-signed) and name mismatch.
    ' Comments are kept out of the continued statement so it compiles.
    Const ignoredErrors As SslPolicyErrors = _
        SslPolicyErrors.RemoteCertificateChainErrors _
        Or SslPolicyErrors.RemoteCertificateNameMismatch

    ' Valid only if no errors remain once the ignored ones are masked out
    If (e.SslPolicyErrors And Not ignoredErrors) = SslPolicyErrors.None Then
        e.IsValid = True
        Return
    End If
    e.IsValid = False
End Sub
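The `Validate` handler above ignores both chain and name-mismatch errors, so it accepts any certificate a server presents, not only yours. The following is an added example (not code from the original post or from Ftp.dll) that keeps the same error mask but also requires the certificate's SHA-256 fingerprint to match a pinned value. Assumptions: `PinnedCertificate`, `Fingerprint`, `IsTrusted` and `SelfSigned` are hypothetical names, `e.Certificate` in the wiring comment is an assumed property name, and the constructed demo certificates need .NET Framework 4.7.2+ or .NET Core 2.0+ for `CertificateRequest`.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificate
{
    // SHA-256 over the DER-encoded certificate, as upper-case hex.
    public static string Fingerprint(X509Certificate cert)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
    }

    // Accept when normal validation passed, or when the only problems are
    // chain/name errors AND the certificate is exactly the pinned one.
    public static bool IsTrusted(X509Certificate cert, SslPolicyErrors errors, string pinnedSha256)
    {
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null) return false; // nothing to compare against
        const SslPolicyErrors tolerated =
            SslPolicyErrors.RemoteCertificateChainErrors
            | SslPolicyErrors.RemoteCertificateNameMismatch;
        if ((errors & ~tolerated) != SslPolicyErrors.None) return false;
        return string.Equals(Fingerprint(cert), pinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    // Constructed sample input: a throwaway self-signed certificate.
    static X509Certificate2 SelfSigned(string subject)
    {
        using (RSA key = RSA.Create(2048))
            return new CertificateRequest(subject, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
                .CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        X509Certificate2 server = SelfSigned("CN=ftp.example.org");
        X509Certificate2 other = SelfSigned("CN=ftp.example.org"); // same name, different key
        string pin = Fingerprint(server); // in practice: recorded out of band
        SslPolicyErrors selfSigned = SslPolicyErrors.RemoteCertificateChainErrors;
        Console.WriteLine(IsTrusted(server, selfSigned, pin)); // the pinned certificate
        Console.WriteLine(IsTrusted(other, selfSigned, pin));  // different certificate, same subject
        // Wiring into Ftp.dll (e.Certificate is an assumed property name):
        // client.ServerCertificateValidate += (s, e) =>
        //     e.IsValid = IsTrusted(e.Certificate, e.SslPolicyErrors, pin);
    }
}
```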
May 30th, 2015 at 12:52
I want to use your FTP component on an aspx page that runs entirely on the web server (IIS). The server uses .net 2.0.
I have to connect to a remote SSL FTP server that uses a certificate.
I get the above error when I try to connect.
I guess that is because the addhandler code is not being executed on the webserver (that only applies to a client (actual person I think)).
How can I use your FTP component in this way?
May 30th, 2015 at 18:25
@Ronald
1. Make sure you have added the event handler.
2. Accept the certificate by setting e.IsValid = true.
June 1st, 2015 at 11:01
@Support
I have done that, but I still get the error message.
I think it has something to do with the fact that my web-page (ASPX) runs entirely on the server (IIS).
There is NO user interaction, so the addhandler is NOT fired, so the certificate is not accepted.
Is there another way I can accomplish this?
Regards,
Ronald
June 1st, 2015 at 14:49
@Support
Apparently it does work the way you described.
I have to add the certificate to the certificate store of IIS.
I will let you know if that will do the trick.
June 5th, 2015 at 20:15
@Ronald
> There is NO user interaction, so the addhandler is NOT fired
Event handlers don’t require user interaction.
Are you sure it’s not fired? Are you able to use a debugger to check?
We are using this code for self-signed certificates in our test environment,
so I’m pretty sure that it works correctly.