FTPs: wildcard SSL certificates
Hi!
First of all, I would like to say thanks for implementing FTPs support in Total Commander - this really is a great and long-awaited feature.
The issue I would like to address is wildcard certificates. It is a common practice for a company owning a domain name, say, example.tld to purchase a certificate with CN equal to *.example.tld and to use this certificate for all hosts needing SSL support (both aaa.example.tld and bbb.example.tld will usually match such a certificate).
As I can see, Total Commander shows "red lock" when a wildcard certificate is used. I have a certificate *.xxx.zzz.tld and Total Commander says the certificate is incorrect for both ftpserver.xxx.zzz.tld and xxx.zzz.tld (even though xxx.zzz.tld is not strictly matching *.xxx.zzz.tld wildcard, most software usually considers such situation normal).
- ghisler(Author)
- Site Admin
- Posts: 50386
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
- Contact:
Thanks for your suggestion.
What error is shown when you click on the lock?
Author of Total Commander
https://www.ghisler.com
- ghisler(Author)
Thanks for the info! It should be no problem to add this.
I have one more question: Does the cert for *.spirit.blahblah.tld also cover the domain spirit.blahblah.tld, or only the subdomains?
Author of Total Commander
https://www.ghisler.com
- ghisler(Author)
Could you please try whether wildcard certificates work now, please?
What about my question about the subdomains?
Author of Total Commander
https://www.ghisler.com
- ghisler(Author)
BUMP
Can anyone confirm that it works with wildcard certificates now, please?
Author of Total Commander
https://www.ghisler.com
- ghisler(Author)
BUMP BUMP BUM BUMP
Anyone having a server with a wildcard certificate, please?
Author of Total Commander
https://www.ghisler.com
- franck8244
- Power Member
- Posts: 704
- Joined: 2003-03-06, 17:37 UTC
- Location: Geneva...
- ghisler(Author)
> I have created a self-signed certificate:
> *.toto.net -> accept it (always trust...) -> no more message: OK
> then a connection to truename.toto.net -> no message: certificate is validated
Great, thanks for testing it!
> A self-signed certificate with an expired date cannot be validated (no accept it button)
Yes, this is intentional. The same is true for invalid or unsigned certificates (see this thread).
Author of Total Commander
https://www.ghisler.com
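The matching question raised in this thread, as an added example (not part of any post and not Total Commander's code): a strict wildcard check in the style of RFC 6125 section 6.4.3, where `*` stands for exactly one left-most label. The helper name `match_hostname_pattern`, the rejection of partial-label wildcards and of `*.tld`, and the sample hostnames other than those quoted in the thread are assumptions of this example.

```python
import ipaddress


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def match_hostname_pattern(pattern: str, hostname: str) -> bool:
    """Hypothetical helper: does a certificate name pattern cover hostname?"""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Empty labels ("a..b") are never valid DNS names.
    if not all(p_labels) or not all(h_labels):
        return False
    if "*" not in pattern:
        return p_labels == h_labels
    # Wildcards never apply to IP address literals.
    if _is_ip_literal(hostname):
        return False
    # Strict policy (assumption): "*" must be the entire left-most label.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Conservative choice (assumption): require two fixed labels, so "*.tld" fails.
    if len(p_labels) < 3:
        return False
    # "*" stands for exactly one label: the parent domain and deeper
    # subdomains have a different label count and do not match.
    if len(h_labels) != len(p_labels):
        return False
    return p_labels[1:] == h_labels[1:]


if __name__ == "__main__":
    # Constructed cases; the first two hostnames are the ones from the thread.
    for pat, host in [
        ("*.xxx.zzz.tld", "ftpserver.xxx.zzz.tld"),
        ("*.xxx.zzz.tld", "xxx.zzz.tld"),
        ("*.xxx.zzz.tld", "a.b.xxx.zzz.tld"),
        ("*.tld", "zzz.tld"),
    ]:
        print(f"{pat:15} {host:24} {match_hostname_pattern(pat, host)}")
```

Under these rules a certificate for `*.xxx.zzz.tld` covers `xxx.zzz.tld` only if the bare domain is listed as an additional name in the certificate.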