PowerShell-Windows可信证书无法通过FTP验证SSL

Question

I complete steps 1-4 of this answer , which adds my certificate to the "Trusted Root Certification Authorities" > "Certificates," and the certificate is granted <All> intended purposes.

Executing the below PowerShell code fails with The remote certificate is invalid according to the validation procedure when $ftp_request.EnableSsl = $true . It succeeds when $ftp_request.EnableSsl = $false .

$file_folder = "C:\Users\username\Desktop"
$file_name = "test.txt"
$file_path = "$file_folder\$file_name"
$ftp_path = "ftp://127.0.0.1/$file_name"

$username = "user"
$pwd = "pass"

# Create a FTPWebRequest object to handle the connection to the ftp server
$ftp_request = [System.Net.FtpWebRequest]::Create($ftp_path)

# set the request's network credentials for an authenticated connection
$ftp_request.Credentials =
    New-Object System.Net.NetworkCredential($username, $pwd)

$ftp_request.UseBinary = $true
$ftp_request.UsePassive = $true
$ftp_request.KeepAlive = $false

$ftp_request.EnableSsl = $true

$ftp_request.Method = [System.Net.WebRequestMethods+Ftp]::UploadFile

$file_contents = Get-Content -en byte $file_path
$ftp_request.ContentLength = $file_contents.Length

$ftp_stream = $ftp_request.GetRequestStream()
$ftp_stream.Write($file_contents, 0, $file_contents.Length)
$ftp_stream.Close()
$ftp_stream.Dispose()

I know that it's possible to manually handle this by writing a handler to ServicePointManager.ServerCertificateValidationCallback , but I would like to have SSL certificates handled automatically by the Windows cert manager.

Answer 1

 $ftp_path = "ftp://127.0.0.1/$file_name" 

Adding a certificate as trusted for all purposes does not mean that a certificate is trusted for all hosts. The hostname you use to connect still has to match the subject of the certificate. And while you don't provide any information about the certificate itself my guess is that your certificate is not issued for the subject "127.0.0.1".