VeriSign Intermediate CA causing issues #8741

Closed
cyberduck opened this issue Apr 12, 2015 · 4 comments
Labels
bug fixed s3 AWS S3 Protocol Implementation

@cyberduck
Collaborator

c790c54 created the issue

When I connect to S3 there is a certificate in the login keychain called 's3.amazonaws.com' and this is signed by the VeriSign G3 CA, which in turn is signed by the VeriSign G5 CA.

The problem is that there are two intermediate certificate authority certificates in the login keychain and this is stopping me from accessing web sites signed by VeriSign (e.g. https://getsupport.apple.com) as it says the site's certificate is signed by an untrusted issuer.

If I remove these CA from the login keychain then I can access the sites signed by VeriSign, but the next time I run CyberDuck and access S3, the two CAs are back in my login keychain.

Do you know how to get the s3 certificate signed by the CAs in the Systems Roots keychain so I do not need the copies in the login keychain?

I have been on to Apple support, but they don't seem to be able to resolve the issue for me.

I am running OSX 10.9.5 with the latest security patches.

@cyberduck
Collaborator Author

@dkocher commented

Replying to [8741 chesteap]:

> Do you know how to get the s3 certificate signed by the CAs in the Systems Roots keychain so I do not need the copies in the login keychain?

It should be possible to drag these CA certificates to the System keychain using Keychain Access.app.

@cyberduck
Collaborator Author

@dkocher commented

During trust evaluation we add the certificate chain retrieved from the server to the login keychain. We will need to evaluate if this is actually required.

@cyberduck
Collaborator Author

@dkocher commented

Fix in 58d0227.

@cyberduck
Collaborator Author

@dkocher commented

See also #8775 for a follow up discussion.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021