[Cyberduck-trac] [Cyberduck] #9100: Certificate error on S3 buckets containing period character

Cyberduck trac at trac.cyberduck.io
Wed Nov 4 20:15:22 UTC 2015

#9100: Certificate error on S3 buckets containing period character
    Reporter:  stevenlybeck  |      Owner:  dkocher
        Type:  defect        |     Status:  new
    Priority:  normal        |  Milestone:
   Component:  s3            |    Version:  4.7.3
    Severity:  normal        |   Keywords:
Architecture:                |   Platform:
 It seems that Cyberduck always connects to S3's HTTPS endpoints, which is

 However, Amazon's wildcard certificate is set up only for
 *.s3.amazonaws.com. This means that certificate verification fails for any
 buckets containing the dot character (e.g. "example.bucket") because the
 fully-qualified domain (e.g. example.bucket.s3.amazonaws.com) ends up not
 matching S3's wildcard certificate.

 I believe the resolution is to use S3's API in path-style access instead
 of virtual-host access. See:

 On OSX, this presents as a security dialog seen in the attached

Ticket URL: <https://trac.cyberduck.io/ticket/9100>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list