[Cyberduck-trac] [Cyberduck] #9100: Certificate error on S3 buckets containing period character
Cyberduck
trac at trac.cyberduck.io
Wed Nov 4 20:15:22 UTC 2015
#9100: Certificate error on S3 buckets containing period character
-----------------------------+---------------------
Reporter: stevenlybeck | Owner: dkocher
Type: defect | Status: new
Priority: normal | Milestone:
Component: s3 | Version: 4.7.3
Severity: normal | Keywords:
Architecture: | Platform:
-----------------------------+---------------------
It seems that Cyberduck always connects to S3's HTTPS endpoints, which is
good.
However, Amazon's wildcard certificate is set up only for
*.s3.amazonaws.com. This means that certificate verification fails for any
buckets containing the dot character (e.g. "example.bucket") because the
fully-qualified domain (e.g. example.bucket.s3.amazonaws.com) ends up not
matching S3's wildcard certificate.
I believe the resolution is to use S3's API in path-style access instead
of virtual-host access. See:
http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html
On OSX, this presents as a security dialog seen in the attached
screenshots.
--
Ticket URL: <https://trac.cyberduck.io/ticket/9100>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list