Cyberduck Mountain Duck CLI

#9100 closed defect (duplicate)

Certificate error on S3 buckets containing period character

Reported by: stevenlybeck Owned by: dkocher
Priority: normal Milestone: 4.8
Component: s3 Version: 4.7.3
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description

It seems that Cyberduck always connects to S3's HTTPS endpoints, which is good.

However, Amazon's wildcard certificate is set up only for *.s3.amazonaws.com. This means that certificate verification fails for any buckets containing the dot character (e.g. "example.bucket") because the fully-qualified domain (e.g. example.bucket.s3.amazonaws.com) ends up not matching S3's wildcard certificate.

I believe the resolution is to use S3's API in path-style access instead of virtual-host access. See: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html

On OSX, this presents as a security dialog seen in the attached screenshots.

Attachments (2)

one.png (48.7 KB) - added by stevenlybeck on Nov 4, 2015 at 8:16:22 PM.
verify certificate
two.png (86.9 KB) - added by stevenlybeck on Nov 4, 2015 at 8:16:43 PM.
verify certificate details

Download all attachments as: .zip

Change History (3)

Changed on Nov 4, 2015 at 8:16:22 PM by stevenlybeck

verify certificate

Changed on Nov 4, 2015 at 8:16:43 PM by stevenlybeck

verify certificate details

comment:1 Changed on Nov 6, 2015 at 8:27:07 AM by dkocher

  • Milestone set to 4.8
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate for #3813.

Note: See TracTickets for help on using tickets.
swiss made software