Version 52 (modified by dkocher, on Feb 20, 2017 at 6:46:53 PM) (diff) |
---|
Cyberduck Help / Howto / WebDAV
You can connect to any WebDAV compliant server using both HTTP and HTTP/SSL. Mutual TLS with a client certificate for authentication is supported.
Authentication Methods
Both HTTP Basic Authentication and Digest Authentication are supported.
NTLM Authentication for Microsoft SharePoint
If you need to set the domain and workstation you can do this using a hidden configuration option.
defaults write ch.sudo.cyberduck webdav.ntlm.workstation MYWORKSTATION defaults write ch.sudo.cyberduck webdav.ntlm.domain MYDOMAIN
Accessing Subversion (SVN) Repositories
You can access publicly readable Subversion (SVN) repositories running behind mod_dav_svn of Apache httpd using anonymous WebDAV (HTTP) access with Cyberduck. For example the Cyberduck Source Code Repository.
SSL/TLS support
Choose WebDAV (HTTP/SSL) as the connection protocol to secure the connection using SSL.
Mutual TLS
Mutual (two-way) TLS with a client certificate for authentication is supported.
Prompt to authenticate with certificate when negotiating secure (TLS) connection =
When a server requests a client certificate for authentication, a prompt is displayed to choose a certificate with a private key that matches the given issuer name requested from the server. Matching certificates are searched for in the Keychain on OS X or the Windows Certificate Manager respectively.
Select client certificate in bookmark
- You can also pre-select a certificate to use for authentication when editing the bookmark.
Trust Certificate
If the certificate is not trusted by the system, you are asked to make an exception if you still want to connect to the site that cannot be verified. This failure during certificate trust verification is most often the case when the certificate is invalid either
- Because the hostname does not match the common name in the certificate. You will get the error message You might be connecting to a server that is pretending to be….
- The certificate is self signed or signed by a root authority not trusted in the system.
- The certificate is expired.
You can temporarily or permanently allow to connect nevertheless by choosing Continue. To remember your choice, select Always Trust….
Metadata
You can edit custom properties using File → Info → Metadata.
Distribution (CDN)
You can enable custom origin Amazon CloudFront (Content Delivery Network) distribution using File → Info → Distribution (CDN).
Providers
Settings specific to service providers. Use the provided connection profiles.
ownCloud
GMX Mediacenter
Enter your GMX Kundenummer for the username.
- Download the GMX Mediacenter Connection Profile for preconfigured settings.
Box.com
Enter your email address for the username.
- Download the Box Connection Profile for preconfigured settings.
Bigcommerce
Sharepoint
Unless you have setup Active Directory Federation Services (ADFS), Sharepoint Online exclusively needs Claims-Based Authentication based on WS-Federation which Cyberduck currently does not support. With ADFS configured you can authenticate through NTLM which Cyberduck supports.
Sharepoint on Office 365
- Issue #9103. Will be resolved with support for [wikie:help/en/howto/onedrive OneDrive].
Confluence
Problems
Interoperability failure Handshake alert: unrecognized_name
The virtual host setup by the hosting provider is most possibly misconfigured. It must accept TLS connections with SNI (Server Name Indication) extension (RFC 4366). The hostname must match the common name in the server certificate. In Apache httpd configurations, add a ServerAlias configuration directive with the hostname you use to connect.
You can verify the wrong server setup with running openssl with server name indication (SNI) enabled.
openssl s_client -servername <servername> -tlsextdebug -msg -connect <servername>:443
This will print
<<< TLS 1.0 Alert [length 0002], warning unrecognized_name
during the handshake if there is a configuration problem.
See also #7908.
Disable Expect: 100-continue
The Expect: 100-continue to make sure a server accepts an upload before data is sent. You can disable the use of this feature when there is an interoperability issue by setting the hidden option webdav.expect-continue to false.
Attachments (3)
- MobileMe Payment Required.png (26.9 KB) - added by dkocher on Jun 1, 2011 at 9:12:42 PM.
- Windows-Security-Prompt.png (20.6 KB) - added by dkocher on Sep 23, 2014 at 1:39:36 PM.
-
WebDAV Bookmark Client Certificate.png
(43.7 KB) -
added by dkocher on Dec 13, 2016 at 8:20:53 AM.
WebDAV Bookmark Client Certificate
Download all attachments as: .zip