Opened 11 years ago

Closed 11 years ago

#5110 closed Bug report (rejected)

wildcard SSL certificates *.domainname.com not properly supported

Reported by: Pierre Grandmaison Owned by:
Priority: normal Component: FileZilla Client
Keywords: wildcard SSL certificate Cc:
Component version: Operating system type: Windows
Operating system version: Windows XP, Vista, 7

Description

Hi,

1) We have a rapidSSL wildcard SSL certificate such as *.domainname.com and when I connect to something.domainname.com, filezilla still gives me the warning, even though it is a valid SSL certificate which is recognized without warning by both firefox and internet explorer over regular https.

Once we accept the certificate once, we never have the issue again (as long as we select to save our answer so it doesn't ask again)

however, it would be nice if filezilla could authenticate wildcard certs similar to what IE and firefox do over regular https for wildcard certs.

2) There is no way to see the downloaded SSL certificates so that you can review the list / clear it if necessary to force an full SSL cert check again at the next connection. (If there is a way, I couldn't find it).

Change History (3)

comment:1 by Tim Kosse, 11 years ago

Resolution: rejected
Status: newclosed

This has nothing to do with wildcards.

It's a matter of trust, I do not trust commercial certificate authorities, so FileZilla doesn't either. As result, the user has to manually confirm the certificate.

comment:2 by Pierre Grandmaison, 11 years ago

Resolution: rejected
Status: closedreopened

Ok, I didn't realize given that I have used filezilla for a very long time and haven't received the warnings in a long time. If it is the behavior for all certificates, I apologize, I made a mistake.

However, could you please address my second question?

2) There is no way to see the downloaded SSL certificates so that you can review the list / clear it if necessary to force an full SSL cert check again at the next connection. (If there is a way, I couldn't find it).

comment:3 by Pierre Grandmaison, 11 years ago

Resolution: rejected
Status: reopenedclosed

Just as additional information to this second question:

I did find the file: C:\Users\[USER]\AppData\Roaming\FileZilla\trustedcerts.xml so it's nice to know I can clear them out myself. However, it would be nice to have the option in the filezilla client in the future.

I will close this one and open a separate ticket as a Feature Request for the SSL list management.

Thanks,

Note: See TracTickets for help on using tickets.