Skip to content
← General

I suggest you ...

General

Categories

JUMP TO ANOTHER FORUM

(thinking…)

Add SSL wildcard certificate support

While Plastic SCM does allow CA wildcard SSL certificates to be used, and all communication is secure, when first launching the application a dialog pops up with the following :-

WARNING: the hostname provided in the server certificate doesn't match the server's hostname. This means that the certificate was not issued to this hostname or that there is a network configuration problem with this host.

  • Certificate hostname: CN=*.domain.com
  • Server hostname: CN=host.domain.com

If you want to continue connecting to this host, choose 'Yes'. The certificate validation will continue (not recommended).
If you want to abandon the connection, choose 'No' (recommended).

As I said, this pops up every time the application is started (or a new/different connection initiated within the app) so it's a bit annoying and would be so easy to fix. The developers simply need to correctly handle the meaning of *. at the beginning of a CN, just like all modern browsers do.

See forum post:
http://www.plasticscm.net/index.php?/topic/1058-ssl-wildcard-certificate-support/

32 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
qc7 shared this idea  ·   ·  Report…  ·  Admin →

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Ryan Wiancko commented  ·   ·  Report

    Are there instructions on how to install 3rd party wildcare certs?

  • SWSBB commented  ·   ·  Report

    I've added an entry in the hosts file of windows to be able to enter the correct server name in plastic. Then the machine names match and this message doesn't show up ;)

  • Anonymous commented  ·   ·  Report

    SAN certificate inclusion

    It would also be useful to include SAN (Subject Alternative Name) certificates as these currently have the same issue as above.

  • Anonymous commented  ·   ·  Report

    Also, URI verification should be case-insensitive, e.g., when the hostname of the FQDN is uppercase and the request sends it as lowercase:

    WARNING: the secure connection hostname provided in the server
    certificate doesn't match the server's hostname. This means that the
    certificate was not issued to this hostname or that there is a network
    configuration problem with this host.

    - Certificate hostname: CN=hostname.domain.com
    - Server hostname: CN=HOSTNAME.domain.com