New SSL causes problems

+1 vote

Hi,

My VB application with ftp.dll did handle ftp exchanges with a key website (www.civa-results.com) but I have now added an SSL certificate from RapidSSL and the following occurs:

If I include the addHandler Myftp.ServerCertificateValidate etc. then Myftp.ConnectSSL(the URI) invokes the certificate sub you recommend - this reveals zero SslPolicyErrors but six ignoredErrors and the following connect(URI) statement fails and diverts processing to the Catch statement with text "The remote certificate is invalid according to the validation procedure."

If I comment-out the addHandler the connect(URI) and login(username, password) work fine, but then I can't do any work - change the folder, do uploads/downloads - they all error. I am happy to provide the credentials for this website privately if required.

My FileZilla client with unchanged credentials continues to work fine with this website.

The .htaccess file I have put in the root folder of the website is as recommended by the host company -

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !.well-known/acme-challenge
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

If I delete the .htaccess file from the website root it doesn't seem to make any difference.

Please can you advise me what steps I can take to resolve these issues?
Thanks

by (750 points)
I'm a bit lost: are you saying you get the SSL/TLS errors only when you check the validity of the certificate yourself?
by (301k points)
Not quite! If I check the certificate validity then the connectSSL errors. If I don't check the validity then the login is successful (both ConnectSSL and connect) but I can't change the folder and all upload/download statements fail too. The system was fine using plain ftp until I added the SSL to the website, now it looks like something at the server end either needs some more code from me or maybe isn't correct. Any ideas?
by (750 points)
Why do you check the validity of the certificate yourself if the certificate is valid? Unless there is a good reason - and there is none if the certificate is simply valid - do not do that.
by (301k points)
> can't change the folder
What error are you getting?
by (301k points)
Aaah - OK, I have realised that the folder structure on this website is not the same as others I use and what I had assumed, and I now can do what I need. My mistake through not enough experience, apologies.

Strangely I can login to this site with either connect(...) or connectSSL(...) and they both work fine, though this does seem unusual. Will that have any other effects?

I had from the start used the Validate Certificate code you suggested in https://www.limilabs.com/blog/use-ssl-with-ftp-ftps and this had worked fine with ftp sites and also one other SSL site which still works with just connect(...) and not connectSSL(...) although I can see now that you say this is required only for self-signed certificates. Clearly if I don't use this sbrt then everything works OK. I will leave this out now, seems to be OK.

Thank you for this exchange. Not enough knowledge here, but with your guidance slowly improving.
NickB
by (750 points)
Ftp.Connect is not using SSL/TLS by default (connection can be secured later by using STLS command). Ftp.ConnectSSL does use SSL/TLS from the start.

Usually FTP servers are run on 2 ports port 21 - plain connection, and 990 for SSL/TLS connections.
by (301k points)

1 Answer

0 votes

Unless there is a good reason - and there is none, if the certificate is simply valid - do not use ServerCertificateValidate event.

.htaccess file is most likely unrelated.

Examine the errors you get from ChangeFolder - most likely this is not a problem with SSL/TLS at all.

by (301k points)
...