Hello, I have the requirement to verify the certificate in a C# FTPS Client implementation actually using ChilkatDotNet45.dll 22.214.171.124. Using the docs I came across RequireSslCertVerify and set the property to true. As the docs say: "The certificate is expired, or if the cert's signature is invalid." this is verified, but I did not find a possibility to verify the CA of the certificate or the certificate chain. Is this possible with the chilkat FTPS implementation? Best regards Jochen Kluger
You can get the server certificate by calling the GetSslServerCert method when connected via SSL/TLS.
I updated the documentation to clarify:
The server's certificate signature is verified with its issuer, and the issuer's cert is verified with its issuer, etc. up to the root CA cert. If a signature verification fails, the connection is not allowed. Also, if the certificate is expired, or if the cert's signature is invalid, the connection is not allowed.
A way for determining if the CA root is one you trust is shown here: https://www.example-code.com/csharp/http_trustedRoot.asp