New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wildcard certificate problem with custom root CA #6953
Comments
We use native Windows certificate chain validation, therefore settings in Java preferences have no effect. |
What is the exact certificate validation error? Just a hostname mismatch or a trust validation failure? |
As stated above, I put it in the windows certificate store as well and it works for IE, so it is installed correctly. The error I get is 'Certificate is not valid". See screenshot. (I had to blank out the hostname, to protect the innocent.) |
Looks like there is an issue with hostname validation trying to match hostname with the common name wildcard in the certificate. |
yes, indeed. Can I give you more information in some way, so that you will be able to tell me, what is wrong? |
I have setup a test environment with a self-signed Certificate Authority and issued a wildcard certificate for my test web server. After importing the root certificate into the certificate store 'Trusted Root Certification Authorities' (either user or computer store) Cyberduck did not complain anymore about an invalid certificate. The behavior is as expected. Is there any chance that you can send me both the root and machine certificate to mailto:feedback@cyberduck.ch? As you don't send me the private keys this is not security critical. |
I am having a problem with wildcard certificates for webdav over https. Here is the current situation:
I have a server, that uses SSL. The certificate used by the server is signed by our own internal root CA. I have installed this root CA in the certificate management on windows, following the documentation on http://windows.microsoft.com/is-IS/windows-vista/View-or-manage-your-certificates. After that, I verified, that IE trusts the certificate of my server signed with this root CA. This works, which means, the root CA is correctly installed. After that I tried it with cyberduck and it does not trust the server at all.
After some googling around, I saw that cyberduck is written in java, so I went into the control panel and installed the root CA in the java configuration thing as well. This still has no effect. Cyberduck keeps on telling me, that the cert is not valid, while all other software trusts it.
The hostname of the server is something like foo.secure.example.com and the cert is valid for *.secure.example.com. As I said above, it works with other windows software, just not with cyberduck.
What am I doing wrong?
Attachments
2012-11-09-110912_1366x768_scrot.png
(21.3 KiB)The text was updated successfully, but these errors were encountered: