【Question title】: FTPS connection using SSL
【Posted】: 2018-01-25 18:44:35
【Question description】:

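I'm trying to switch my FTP calls over to FTPS in PowerShell to make them more secure. I'm currently using the WebRequest library to make FTP calls and saw that there is an EnableSsl method you can set to true to use SSL. I'm not sure whether that correctly sets the FTP connection to FTPS, but I'm also trying to verify the certificate information prior to connecting.

Is there a way to do this? Sample code snippet below: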

$request = [Net.WebRequest]::Create($url)
$request.Method = [System.Net.WebRequestMethods+FTP]::ListDirectory
if ($credentials) { $request.Credentials = $credentials }
$request.UsePassive = $true
$request.EnableSsl = $true;
$response = $request.GetResponse()
$reader = New-Object IO.StreamReader $response.GetResponseStream() 
$reader.ReadToEnd()
$reader.Close()
$response.Close()

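【Question comments】:

  • As for this --- I'm also trying to verify the certificate information prior to connecting. --- do you control this FTP site, or is it controlled by a third party?
  • You can follow the C# example blogs.msdn.microsoft.com/adarshk/2005/04/22/… accordingly, but for the likes of ftps.codeplex.com, the .NET Framework built-in classes have some limitations that may prevent you from connecting to certain FTPS setups.

Tags: .net powershell ftps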


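【Solution 1】:

Browsing through my library, here is a function I have and use in my lab that may be useful to you. I don't have an FTP server to test against, but this works against remote SSL targets - internal and external.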

Function Request-CertificateDetails
{
    [CmdletBinding()]

    [Alias('rcd')]

    Param
    (
        [string[]]$Destination = (Read-Host 'Enter a NetBIOS name, FQDN or URL to the host'),
        [string]$Port = '443',
        [switch]$CertificateChain
    )

    $WebRequest = [Net.WebRequest]::CreateHttp("https://$($Destination):$Port")
    $WebRequest.AllowAutoRedirect = $true
    $chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain
    [Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

    #Request website
    try {$Response = $WebRequest.GetResponse()}
    catch {}

    #Creates Certificate
    $Certificate = $WebRequest.ServicePoint.Certificate.Handle
    $Issuer = $WebRequest.ServicePoint.Certificate.Issuer
    $Subject = $WebRequest.ServicePoint.Certificate.Subject

    #Build chain
    $chain.Build($Certificate)
    $chain.ChainElements.Count #This returns "1" meaning none of the CA certs are included.
    $chain.ChainElements[0].Certificate.IssuerName.Name

    [Net.ServicePointManager]::ServerCertificateValidationCallback = $null

    If($CertificateChain)
    {
        $chain.ChainElements.Certificate
        $chain.ChainElements.Certificate | Select-Object *
    }
}

# Is the cert available and valid
Request-CertificateDetails -Destination 'stackoverflow.com' -Port 443


#Results

True
3
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US


# Is the cert available and valid and list the cert chain
Request-CertificateDetails -Destination 'stackoverflow.com' -Port 443 -CertificateChain


# Results


True
3
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Thumbprint                                Subject                                                                                                                       
----------                                -------                                                                                                                       
47ADB03649A2EB18F63FFA29790818349A99CAB7  CN=*.stackexchange.com, O="Stack Exchange, Inc.", L=New York, S=NY, C=US                                                      
A031C46782E6E6C662C2C87C76DA9AA62CCABD8E  CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US                                          
5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25  CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US                                              

EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)}
DnsNameList          : {*.stackexchange.com, stackoverflow.com, *.stackoverflow.com, stackauth.com...}
SendAsTrustedIssuer  : False
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
FriendlyName         : 
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : Wed 14 Aug 02019 05:00:00
NotBefore            : Fri 20 May 02016 17:00:00
HasPrivateKey        : False
PrivateKey           : 
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 7, 30...}
SerialNumber         : 0E11BBD70D54B710D0C6F540B6B52CA4
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 47ADB03649A2EB18F63FFA29790818349A99CAB7
Version              : 3
Handle               : 1932723065648
Issuer               : CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Subject              : CN=*.stackexchange.com, O="Stack Exchange, Inc.", L=New York, S=NY, C=US


EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2)}
DnsNameList          : {DigiCert SHA2 High Assurance Server CA}
SendAsTrustedIssuer  : False
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
FriendlyName         : 
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : Sun 22 Oct 02028 05:00:00
NotBefore            : Tue 22 Oct 02013 05:00:00
HasPrivateKey        : False
PrivateKey           : 
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 4, 177...}
SerialNumber         : 04E1E7A4DC5CF2F36DC02B42B85D159F
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : A031C46782E6E6C662C2C87C76DA9AA62CCABD8E
Version              : 3
Handle               : 1932723063856
Issuer               : CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Subject              : CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US


EnhancedKeyUsageList : {Server Authentication (1.3.6.1.5.5.7.3.1), Client Authentication (1.3.6.1.5.5.7.3.2), Secure Email (1.3.6.1.5.5.7.3.4), Code Signing 
                       (1.3.6.1.5.5.7.3.3)...}
DnsNameList          : {DigiCert High Assurance EV Root CA}
SendAsTrustedIssuer  : False
Archived             : False
Extensions           : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName         : DigiCert
IssuerName           : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter             : Sun 09 Nov 02031 16:00:00
NotBefore            : Thu 09 Nov 02006 16:00:00
HasPrivateKey        : False
PrivateKey           : 
PublicKey            : System.Security.Cryptography.X509Certificates.PublicKey
RawData              : {48, 130, 3, 197...}
SerialNumber         : 02AC5C266A0B409B8F0B79F2AE462577
SubjectName          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm   : System.Security.Cryptography.Oid
Thumbprint           : 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Version              : 3
Handle               : 1932723062704
Issuer               : CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Subject              : CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

【Discussion】:
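
An added example, not part of the question or the answer above: with `EnableSsl = $true`, `FtpWebRequest` negotiates explicit FTPS, and the server certificate is checked through `[Net.ServicePointManager]::ServerCertificateValidationCallback`, the same process-wide hook the answer sets to `{$true}`, which accepts any certificate while it is set. The function below instead rejects any policy error, optionally pins the leaf thumbprint, and restores the previous callback afterwards. The name `Get-FtpsListing`, its parameters and the placeholder host are assumptions, and it targets Windows PowerShell on .NET Framework.

```powershell
function Get-FtpsListing {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Url,        # e.g. ftp://ftp.example.test/ (placeholder host)
        [System.Net.ICredentials]$Credential,      # e.g. (Get-Credential).GetNetworkCredential()
        [string]$ExpectedThumbprint                # optional SHA-1 thumbprint pin (hex)
    )

    $pin  = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $seen = @{}   # filled in by the callback so a failure can report what the server presented

    $callback = {
        param($s, $cert, $chain, $policyErrors)
        $seen.Subject    = $cert.Subject
        $seen.Thumbprint = $cert.GetCertHashString()
        $seen.Errors     = $policyErrors
        # Fail closed on anything chain or name validation flagged.
        if ($policyErrors -ne [System.Net.Security.SslPolicyErrors]::None) { return $false }
        # With a pin supplied, the leaf certificate must match it as well.
        if ($pin -and $seen.Thumbprint -ne $pin) { return $false }
        return $true
    }.GetNewClosure()

    # The hook is process-wide, so keep the old value and always put it back.
    $previous = [System.Net.ServicePointManager]::ServerCertificateValidationCallback
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $callback
    try {
        $request = [System.Net.WebRequest]::Create($Url)
        $request.Method     = [System.Net.WebRequestMethods+Ftp]::ListDirectory
        $request.EnableSsl  = $true
        $request.UsePassive = $true
        if ($Credential) { $request.Credentials = $Credential }
        $response = $request.GetResponse()
        try {
            $reader = New-Object System.IO.StreamReader $response.GetResponseStream()
            $reader.ReadToEnd()
        } finally { if ($reader) { $reader.Dispose() }; $response.Close() }
    }
    catch {
        throw "FTPS listing failed for $Url (certificate: $($seen.Subject) / $($seen.Thumbprint), errors: $($seen.Errors)): $($_.Exception.Message)"
    }
    finally {
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $previous
    }
}
```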
