Cyberduck
Mountain Duck
CLIOpened on Nov 4, 2015 at 8:15:10 PM
Closed on Nov 6, 2015 at 8:27:07 AM
#9100 closed defect (duplicate)
Certificate error on S3 buckets containing period character
| Reported by: | stevenlybeck | Owned by: | dkocher |
|---|---|---|---|
| Priority: | normal | Milestone: | 4.8 |
| Component: | s3 | Version: | 4.7.3 |
| Severity: | normal | Keywords: | |
| Cc: | Architecture: | ||
| Platform: |
Description
It seems that Cyberduck always connects to S3's HTTPS endpoints, which is good.
However, Amazon's wildcard certificate is set up only for *.s3.amazonaws.com. This means that certificate verification fails for any buckets containing the dot character (e.g. "example.bucket") because the fully-qualified domain (e.g. example.bucket.s3.amazonaws.com) ends up not matching S3's wildcard certificate.
I believe the resolution is to use S3's API in path-style access instead of virtual-host access. See: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
On OSX, this presents as a security dialog seen in the attached screenshots.
Attachments (2)
Change History (3)
Changed on Nov 4, 2015 at 8:16:22 PM by stevenlybeck
comment:1 Changed on Nov 6, 2015 at 8:27:07 AM by dkocher
- Milestone set to 4.8
- Resolution set to duplicate
- Status changed from new to closed
Duplicate for #3813.
Note: See
TracTickets for help on using
tickets.
verify certificate