FtpWebRequest "The remote certificate is invalid according to the validation procedure"
Solution 1
You have to overwrite the certificate checks so that they will always be considered good. That won't prevent the channel to remain SSL protected.
Uri target = new Uri("ftp://yourUri");
string fileName = @"fullPathOfYourFile";
FtpWebRequest request = (FtpWebRequest)WebRequest.Create(target);
request.Method = WebRequestMethods.Ftp.UploadFile;
request.Credentials = new NetworkCredential("user", "password");
request.EnableSsl = true;
//overwrite the certificate checks
ServicePointManager.ServerCertificateValidationCallback =
(s, certificate, chain, sslPolicyErrors) => true;
// Copy the contents of the file to the request stream
//....
Solution 2
The most voted answer by @Luca blindly accepts any certificate. That's a security flaw.
When implementing ServicePointManager.ServerCertificateValidation
callback one should validate the certificate. E.g. by checking certificate's hash against a known value:
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
ServicePointManager.ServerCertificateValidationCallback +=
(sender, certificate, chain, errors) =>
{
return
(errors == SslPolicyErrors.None) ||
certificate.GetCertHashString(HashAlgorithmName.SHA256).Equals(
"EB8E0B28AE064ED58CBED9DAEB46CFEB3BD7ECA677...");
};
For the X509Certificate.GetCertHashString
overload that takes HashAlgorithmName.SHA256
, you need .NET 4.8. On older versions use the parameter-less overload that returns an SHA-1 hash.
For VB.NET version of the code, see Accept self-signed TLS/SSL certificate in VB.NET.
Solution 3
You also get this error if you try to connect to IP address instead of domain name. Since certificate is issued to the domain name, IP address wont work.
Related videos on Youtube
John Smith
Updated on September 15, 2022Comments
-
John Smith over 1 year
I have a .NET client application that tries to ftp over a file to an FTP site which has a self-signed TLS/SSL certificate. This FTP site is running on Windows 7 Enterprise, IIS 7. I am getting the following error:
The remote certificate is invalid according to the validation procedure
I have tried installing the certificate in the trusted root certificates but that still does not work.
I have used the delegate call back in the code that is mentioned some of the posts here - it works. But I do not want to use that in my production code.
Also in production some of our customers are using self-signed certificates.
Any ideas on how to fix this issue?
-
Rich almost 9 yearsIt turned out I had a similar problem. The FtpWebRequest was using an IP address ("1.2.3.4") and of course the cert was a wildcard one issued to the domain name ("*.example.com"). Once I switched to using the domain name in my FtpWebSession this error went away.
-
Martin Prikryl about 3 yearsWhile this "works", it's not secure. You should verify the certificate, not blindly accept any. For a way to validate the certificate, see my answer.