Invalid certificate
Several protocols supported by Sandvox make use of certificates to secure your connection:
- FTP with TLS/SSL
- FTP with Implicit SSL
- WebDAV HTTPS
When connecting, Sandvox receives a copy of the server's certificate. To check if the server can be trusted, that certificate is evaluated for a number of criteria, including:
- The expiry date has not yet been reached
- The certificate was issued by an authority trusted by your Mac
- The host name of the certificate matches the host Sandvox is expecting to connect to
Generally, if any of these criteria fail to be met, Sandvox will refuse to go ahead with the connection. Such a failure can indicate the server has been compromised, or you're actually connecting to a different, malicious server.
Yahoo Web Hosting
One exception we make is for Yahoo Web Hosting. Yahoo now require the use of FTP with SSL/TLS for their hosting. Unfortunately, the host name for their server's certificate differs from that of your site, leaving Sandvox unable to automatically validate it.
If Sandvox detects this situation, you will be prompted to confirm that you are indeed publishing to Yahoo Web Hosting. From this panel you can see full details of the certificate in question to verify yourself if desired.
Both we and Yahoo recommend that you have your Mac remember this particular certificate to avoid prompting you every time you publish:
When prompted about Yahoo Web Hosting's invalid certificate:
- Click the "Show Certificate" button
- Make sure that Sandvox is complaining of "host name mismatch" and nothing else
- Turn on the "Always trust…" box
- Click the "Uses Yahoo Web Hosting" button
- Enter your account password when prompted
Your Mac will now remember the combination of your site with Yahoo's certificate. You should only be prompted again in the future if Yahoo replaces their certificate (e.g. with a newer one).
Reference: Yahoo Web Hosting Help
Keywords: ssl, tls, cert, certificate, certs, certificates, ftps, ftp, implicit, webdav, yahoo, web, hosting
