Automating FTPS Transfers on Windows: Command-Line Client Solutions


4 views

When it comes to automating secure file transfers on Windows, many developers find themselves stuck between protocol limitations and tool availability. The core issue emerges when trying to use FTPS (FTP over SSL/TLS) with native Windows command-line tools. While Windows includes a basic ftp.exe, it lacks FTPS support entirely.

The common alternative - SFTP - presents its own challenges:

  • Limited Windows server options (FreeSSHD being outdated)
  • FileZilla Server's excellent FTPS support makes it a better server choice
  • WinSCP only handles SFTP, not FTPS, in its command-line mode

This leaves us needing proper FTPS client solutions.

Here are three viable approaches for FTPS automation:

1. cURL: The Swiss Army Knife

curl --ftp-ssl -u username:password -T localfile.txt ftps://server.com/path/ --cacert cert.pem

Key flags:

  • --ftp-ssl enables FTPS
  • --cacert specifies certificate (omit for self-signed)
  • Add -k to ignore SSL errors (testing only)

2. WinSCP with .NET Assembly

While WinSCP's console doesn't support FTPS, its .NET assembly does:

# PowerShell example
Add-Type -Path "WinSCPnet.dll"

$sessionOptions = New-Object WinSCP.SessionOptions -Property @{
    Protocol = [WinSCP.Protocol]::Ftp
    HostName = "server.com"
    UserName = "user"
    Password = "pass"
    FtpSecure = [WinSCP.FtpSecure]::Implicit
}

$session = New-Object WinSCP.Session
$session.Open($sessionOptions)
$session.PutFiles("localfile.txt", "/remote/").Check()
$session.Dispose()

3. Commercial Option: edtFTPnet

For .NET developers needing robust FTPS:

// C# example
using EnterpriseDT.Net.Ftp;

FTPConnection ftp = new FTPConnection();
ftp.ServerAddress = "server.com";
ftp.UserName = "user";
ftp.Password = "pass";
ftp.ConnectMode = FTPConnectMode.IMPLICIT_SSL;
ftp.Connect();

ftp.UploadFile("localfile.txt", "/remote/file.txt");

When working with FTPS:

  • Implicit SSL (port 990) vs Explicit SSL (port 21)
  • Certificate validation requirements vary by client
  • Self-signed certificates may need special handling

For cURL, you might need:
--ssl-reqd --ssl-allow-beast --insecure for problematic servers

For scheduled tasks:

  • Use Windows Task Scheduler with cURL commands
  • Store credentials securely (not in scripts)
  • Implement proper error handling and logging

Example batch script snippet:

@echo off
curl --ftp-ssl -u %FTP_USER%:%FTP_PASS% -T %1 ftps://server.com/upload/ >> transfer.log 2>&1
if errorlevel 1 (
    echo [%date% %time%] Failed to upload %1 >> error.log
    exit /b 1
)

When building automated workflows on Windows, finding a reliable command-line FTPS (FTP over SSL/TLS) client can be surprisingly difficult. Unlike SFTP which has multiple clients available, FTPS support in Windows-native tools is limited. This becomes problematic when you need to integrate with enterprise systems using FileZilla Server or other FTPS-enabled servers.

Here are the most practical solutions for FTPS automation on Windows:

  • cURL - The versatile transfer tool supports FTPS (both implicit and explicit)
  • WinSCP - While primarily GUI-based, it offers powerful scripting capabilities
  • LFTP - Available through Cygwin or Windows Subsystem for Linux
  • NcFTP - A enhanced FTP client with SSL support

Here's how to perform a secure FTPS transfer using cURL:

curl --ftp-ssl --user username:password -T localfile.txt ftps://server.example.com/remote/path/

For batch scripting, you might use:

@echo off
set FTPS_SERVER=ftps://files.example.com
set USERNAME=your_user
set PASSWORD=your_pass
set LOCAL_FILE=C:\data\export.zip
set REMOTE_PATH=/uploads/

curl --ftp-ssl --user %USERNAME%:%PASSWORD% -T %LOCAL_FILE% %FTPS_SERVER%%REMOTE_PATH%

WinSCP supports FTPS through scripting:

option batch abort
option confirm off
open ftpes://user:password@ftps.example.com/
put C:\backups\*.zip /remote/backups/
exit

Save this as transfer.txt and execute with:

winscp.com /script=transfer.txt

When using FileZilla Server for FTPS:

  • Enable "Force explicit FTP over TLS" in server settings
  • Generate proper certificates (self-signed or CA-signed)
  • Configure passive mode ports if behind firewall

If encountering connection problems:

curl -v --ftp-ssl --ssl-reqd --user user:pass ftp://example.com

The -v flag provides verbose output to diagnose SSL/TLS handshake issues.

For Windows-native solutions, PowerShell 7+ supports FTPS:

$cred = Get-Credential
$source = "C:\data\report.csv"
$destination = "ftps://ftp.example.com/incoming/report.csv"

Invoke-RestMethod -Uri $destination -Credential $cred -InFile $source -Method Put -UseBasicParsing