Setting up the TE to connect to an FTP server over SSL (via scripting) involves several steps. Follow the instructions below carefully.
You must know whether the TE will require the use of server certificates only, or both server and client certificates.
Server Certificates
Most FTP SSL servers will provide a certificate to the client during authentication. The certificate proves the server's legitimacy to the client. The server’s certificate must be added to the client’s Trusted Certificate store prior to any connection, otherwise the TE will lock up when trying to authenticate.
1. Export or obtain a copy of the server’s certificate from the FTP server administrator. Otherwise, connect to the server with the CuteFTP GUI (interface) from the developer machine and manually accept the server’s certificate. You can then export it from the Trusted List under Global Options > Security > SSL Security to a staging directory of your choice.
2. Place/Install the certificate into the target machine’s Default User directory. For example:
C:\Documents and Settings\Default User\Application Data\GlobalSCAPE\CuteFTP Pro\6.0\Security
3. If you will also be running the TE while logged in, place a copy of the server certificate under the USER folder on the target machine, as follows:
C:\Documents and Settings\[USERNAME]\Application Data\GlobalSCAPE\CuteFTP Pro\6.0\Security
- where [USERNAME] is the login name for the user.
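4. You can also tell the TE to auto-accept SSL or SSH certificates using the AutoCloseMethod parameter of the Option method. Auto-accepting means the certificate is accepted without being compared against the Trusted Certificate store, so installing the server’s certificate as in steps 1 to 3 is the stronger option. Also refer to the following troubleshooting topic regarding running the TE while not logged in.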
Now when you connect, the TE will see the server’s certificate and proceed with the connection.
Client Certificates
Some FTP SSL servers require that the client provide a certificate. The certificate proves the veracity of the client and is an important factor in weeding out spurious FTP clients masquerading as legitimate ones.
To set up the target system to use client certificates
1. On the developer machine, create the client certificate and private key pair using the CuteFTP GUI (interface). The certificate creation utility is located under the Tools > Global Settings > Security > SSL dialog.
2. Add the client certificate to the server’s trusted list. Do this by connecting to the server with the CuteFTP GUI (interface) from the developer machine. On the server, move the certificate from the Pending to the Trusted list. If your server only has a Trusted list, manually import the client certificate into the Trusted list.
3. Place the client certificate and private key into the target machine’s USER folder:
C:\Documents and Settings\[USERNAME]\Application Data\GlobalSCAPE\CuteFTP Pro\6.0\Security
- where [USERNAME] is the login name for the user.
4. If you created the certificate set on the developer machine, export the following registry key:
HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\Settings\SecuritySSL
5. Import the registry key from step 4 onto the target machine, or manually create the necessary entries. The entries are shown in standard .reg file notation.
REGEDIT4
[HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\Settings\SecuritySSL]
"SSLCertificate"="C:\\Documents and Settings\\[USERNAME]\\Application Data\\GlobalSCAPE\\CuteFTP Pro\\6.0\\Security\\client.crt"
"SSLPrivateKey"="C:\\Documents and Settings\\[USERNAME]\\Application Data\\GlobalSCAPE\\CuteFTP Pro\\6.0\\Security\\client.key"
"UseSSLCertificate"=dword:00000001
"UseSSLCertPassphrase"=dword:00000001
"ReuseSSLData"=dword:00000000
"WarnWhenToNonSecure"=dword:00000001
"DataTransportMethod"=dword:00000001
"SSLCertPassphrase"="[PASSWORD]"
- Where [USERNAME] is the login name for the target system and where [PASSWORD] is the encrypted password exported from the source machine. Don't modify the password!
Now when you connect, the TE will find the client certificate and use it to authenticate with the server.
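Because a missing certificate file or registry entry only shows up when the TE tries to authenticate, the setup from steps 3 to 5 can be checked first. The following preflight script is an added example, not part of the original CuteFTP documentation; the file name and the helper names ReadSetting and CheckFileSetting are hypothetical, and it assumes the registry key named in step 4.

```vbscript
' preflight.vbs (added example, hypothetical name): verify the client-certificate setup.
Option Explicit

Const EVENT_SUCCESS = 0
Const EVENT_ERROR = 1
' Assumption: the registry key named in step 4 of the procedure above.
Const SSL_KEY = "HKCU\Software\GlobalSCAPE\CuteFTP 6 Professional\Settings\SecuritySSL\"

Dim objShell, objFSO, problems
Set objShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
problems = ""

' Return a registry value, or Empty when the value does not exist.
Function ReadSetting(valueName)
    On Error Resume Next
    ReadSetting = objShell.RegRead(SSL_KEY & valueName)
    If Err.Number <> 0 Then
        ReadSetting = Empty
        Err.Clear
    End If
    On Error GoTo 0
End Function

' Record a problem when a path value is missing or points at a file that is absent.
Sub CheckFileSetting(valueName)
    Dim path
    path = ReadSetting(valueName)
    If IsEmpty(path) Then
        problems = problems & valueName & " is not set. "
    ElseIf Not objFSO.FileExists(path) Then
        problems = problems & valueName & " points to a missing file: " & path & ". "
    End If
End Sub

CheckFileSetting "SSLCertificate"
CheckFileSetting "SSLPrivateKey"
If ReadSetting("UseSSLCertificate") <> 1 Then
    problems = problems & "UseSSLCertificate is not 1. "
End If

If problems = "" Then
    objShell.LogEvent EVENT_SUCCESS, "TE SSL preflight passed"
Else
    objShell.LogEvent EVENT_ERROR, "TE SSL preflight failed: " & problems
    WScript.Quit 1
End If
```

Run it under the same account that will run the TE, since both the HKEY_CURRENT_USER key and the Security folder are per-user.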
Here is a sample script that connects to a fictitious site running SSL Implicit over port 990. It also writes to the event log for debugging purposes. If you use this script to test your setup, make sure you modify the MySite.Host line to include your actual FTP SSL server host and login information.
' File: test.vbs
Const EVENT_SUCCESS = 0
' Each LogEvent call writes a progress marker to the event log for debugging
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.LogEvent EVENT_SUCCESS, "AT Loaded me"
Set MySite = CreateObject("CuteFTPPro.TEConnection")
MySite.Option("ThrowError") = True
' Replace with your actual FTP SSL server host and login information
MySite.Host = "ftp://myuser:mypass@ftp.mysslserver.com:990"
objShell.LogEvent EVENT_SUCCESS, "vars set"
MySite.Connect
objShell.LogEvent EVENT_SUCCESS, "connected"
MySite.Disconnect
MySite.Close