How do I get lftp to use SSL/TLS security mechanism from the command line?

Question

I\'m trying to log into an ftps site. I\'ve tried giving the login creds at the command line (and putting set parameters in ~/.lftprc, the

Answer 1

My answer provides access for a single user on your system rather than a system-wide certificate.

lftp uses Transport Layer Security (TLS). So it’s essential to first grab the certificate from the FTP server.

openssl s_client -connect <ftp-hostname>:21 -starttls ftp

I include the entire certificate chain in a new file called cert.crt in my local ~/.lftp folder. At the very least, you're looking to include all the text of the certificate itself: -----BEGIN CERTIFICATE----- <...> -----END CERTIFICATE-----.

• I create a file called rc in the local ~/.lftp folder and add the lines
  • set ssl:ca-file “cert.crt”
  • set ssl:check-hostname no (this prevents Fatal error: Certificate verification: certificate common name doesn't match requested host name ‘<ftp-hostname>’ when running a command like ls remotely)

Answer 2

lftp version must be >= 4.6.3 (Debian user)