You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems that Cyberduck always connects to S3's HTTPS endpoints, which is good.
However, Amazon's wildcard certificate is set up only for *.s3.amazonaws.com. This means that certificate verification fails for any buckets containing the dot character (e.g. "example.bucket") because the fully-qualified domain (e.g. example.bucket.s3.amazonaws.com) ends up not matching S3's wildcard certificate.
It seems that Cyberduck always connects to S3's HTTPS endpoints, which is good.
However, Amazon's wildcard certificate is set up only for *.s3.amazonaws.com. This means that certificate verification fails for any buckets containing the dot character (e.g. "example.bucket") because the fully-qualified domain (e.g. example.bucket.s3.amazonaws.com) ends up not matching S3's wildcard certificate.
I believe the resolution is to use S3's API in path-style access instead of virtual-host access. See: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
On OSX, this presents as a security dialog seen in the attached screenshots.
Attachments
one.png
(48.7 KiB)two.png
(86.9 KiB)The text was updated successfully, but these errors were encountered: