wildcard SSL certificates *.domainname.com not properly supported

[Pierre Grandmaison]

Hi,

1) We have a rapidSSL wildcard SSL certificate such as *.domainname.com and when I connect to something.domainname.com, filezilla still gives me the warning, even though it is a valid SSL certificate which is recognized without warning by both firefox and internet explorer over regular https.

Once we accept the certificate once, we never have the issue again (as long as we select to save our answer so it doesn't ask again)

however, it would be nice if filezilla could authenticate wildcard certs similar to what IE and firefox do over regular https for wildcard certs.

2) There is no way to see the downloaded SSL certificates so that you can review the list / clear it if necessary to force an full SSL cert check again at the next connection. (If there is a way, I couldn't find it).

[Tim Kosse]

This has nothing to do with wildcards.

It's a matter of trust, I do not trust commercial certificate authorities, so FileZilla doesn't either. As result, the user has to manually confirm the certificate.

[Pierre Grandmaison]

Ok, I didn't realize given that I have used filezilla for a very long time and haven't received the warnings in a long time. If it is the behavior for all certificates, I apologize, I made a mistake.

However, could you please address my second question?

2) There is no way to see the downloaded SSL certificates so that you can review the list / clear it if necessary to force an full SSL cert check again at the next connection. (If there is a way, I couldn't find it).

[Pierre Grandmaison]

Just as additional information to this second question:

I did find the file: C:\Users\[USER]\AppData\Roaming\FileZilla\trustedcerts.xml so it's nice to know I can clear them out myself. However, it would be nice to have the option in the filezilla client in the future.

I will close this one and open a separate ticket as a Feature Request for the SSL list management.

Thanks,