[Cyberduck-trac] [Cyberduck] #8698: Certificate Chain not displayed correctly in some cases

Cyberduck trac at trac.cyberduck.io
Wed Mar 25 17:35:41 UTC 2015

#8698: Certificate Chain not displayed correctly in some cases
    Reporter:  actionverb  |      Owner:  dkocher
        Type:  defect      |     Status:  new
    Priority:  normal      |  Milestone:
   Component:  interface   |    Version:  4.6.5
    Severity:  normal      |   Keywords:
Architecture:              |   Platform:
 In some circumstances, Cyberduck fails to display the complete certificate
 chain.  I recently replaced a certificate, and noticed that while
 Cyberduck accepts the certificate as valid and displays no errors when
 connecting to it, the pane revealed by clicking the lock icon only shows
 part of the chain.  This happens for both DAV HTTPS connections as well as
 FTPS connections.

 In most cases, it shows all but the last (most specific) certificate (see
 cert_issue1.png).  In at least one case that I cannot seem to reproduce
 now, it showed only the root certificate (see cert_issue2.png).  I
 confirmed that there is nothing hidden outside of the visible area.

 With debug mode (Cyberduck Version 4.6.5 (17000) on OS X 10.10.2), I found
 the following entry:
   Error adding certificate to Keychain

 I have confirmed with the vendor that the certificate is valid and
 correctly installed, and it works properly in every other FTP app and
 browser I've tried.  I tested the certificate chain manually with openssl

 I have also confirmed that the problem exists on Windows 8.1 with
 Cyberdick 4.6.5.

Ticket URL: <https://trac.cyberduck.io/ticket/8698>
Cyberduck <http://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list