Bug#779974: josm: invalid certificate

Salvo Tomaselli tiposchi at tiscali.it
Thu Apr 23 09:30:43 UTC 2015


On Wednesday 22 April 2015 18:58:06, Sebastiaan Couwenberg wrote:
> On 04/22/2015 11:29 AM, Salvo Tomaselli wrote:
> > On Tuesday 21 April 2015 19:51:15, Sebastiaan Couwenberg wrote:
> >> On 04/21/2015 09:22 AM, Salvo Tomaselli wrote:
> >>>> aptitude update && aptitude reinstall ca-certificates
> >>> 
> >>> Tried this one, still same result in josm.
> >> 
> >> Still only 11 certs in the Java cacerts keystore, this should be over
> >> 100.
> >> 
> >> crappy webmail I was using.
> >> 
> >> Do you have the Equifax_Secure_CA.crt installed?
> > 
> > $ ls -l /etc/ssl/certs/Equifax_Secure_CA.pem /usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt
> 
> So you have the CA cert, just not in the Java truststore. The
> update-ca-certificates hook should take care of this, but for some
> mysterious reason it doesn't import all certificates as it should.
> 
> Can you check if the certificate is enabled in the configuration file?
> 
>  grep Equifax_Secure_CA /etc/ca-certificates.conf
grep Equifax_Secure_CA /etc/ca-certificates.conf
mozilla/Equifax_Secure_CA.crt

I guess it is in there.

> Assuming it's enabled but still not picked up by the
> update-ca-certificates hook, you can manually import the certificate:
> 
>  sudo keytool -v -importcert -trustcacerts -alias equifax_secure_ca \
>  -file /usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt \
>  -keystore /etc/ssl/certs/java/cacerts -storepass changeit
Output attached, it asked me to write "si" to confirm to trust the 
certificate.


josm is still telling me this, after doing that command

sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target

Best
-- 
Salvo Tomaselli

"I do not feel obliged to believe that the same God who has endowed us with 
sense, reason and intellect intended us to forgo their use."
                -- Galileo Galilei

                http://ltworf.github.io/ltworf/
-------------- next part --------------
# keytool -v -importcert -trustcacerts -alias equifax_secure_ca -file /usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt -keystore /etc/ssl/certs/java/cacerts -storepass changeit
Proprietario: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Autorità emittente: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Numero di serie: 35def4cf
Valido da: Sat Aug 22 18:41:51 CEST 1998 a: Wed Aug 22 18:41:51 CEST 2018
Impronte digitali certificato:
         MD5:  67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
         SHA1: D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
         SHA256: 08:29:7A:40:47:DB:A2:36:80:C7:31:DB:6E:31:76:53:CA:78:48:E1:BE:BD:3A:0B:01:79:A7:07:F9:2C:F1:78
         Nome algoritmo firma: SHA1withRSA
         Versione: 3

Estensioni: 

#1: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
0000: 30 0B 1B 05 56 33 2E 30   63 03 02 06 C0           0...V3.0c....


#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95   D7 47 D8 23 20 10 4F 33  H.h.+....G.# .O3
0010: 98 90 9F D4                                        ....
]
]

#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
       [CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
       ]]

#5: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#6: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 18:41:51 CEST 2018]

#7: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95   D7 47 D8 23 20 10 4F 33  H.h.+....G.# .O3
0010: 98 90 9F D4                                        ....
]
]

Considerare sicuro questo certificato? [no]:  y
Risposta errata, riprovare
Considerare sicuro questo certificato? [no]:  si
Il certificato è stato aggiunto al keystore
[Memorizzazione di /etc/ssl/certs/java/cacerts] in corso
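
The two checks discussed in this thread, as an added script (not part of the original message or of Debian's packaging): it reports whether a CA is enabled, deselected or absent in a ca-certificates.conf file, and compares the number of enabled CAs with the trusted entries in saved `keytool -list` output. The function names and sample file contents are constructed here, and English keytool output is assumed.

```shell
#!/bin/sh
# Added example: audit a ca-certificates.conf file against the entries a
# Java truststore actually holds. All names and sample data are constructed.

# ca_status CONF NAME -> prints enabled | disabled | absent
# In ca-certificates.conf a leading '!' deselects a certificate and '#'
# starts a comment, so a plain grep for the name matches all three cases.
ca_status() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        index($0, name) { if ($0 ~ /^!/) { d = 1 } else { e = 1 } }
        END { print (e ? "enabled" : (d ? "disabled" : "absent")) }
    ' "$1"
}

# count_enabled CONF -> number of lines that are not comment, '!' or blank
count_enabled() {
    awk '!/^[ \t]*(#|!|$)/ { n++ } END { print n + 0 }' "$1"
}

# count_trusted LISTING -> number of trusted entries in saved output of:
#   keytool -list -keystore /etc/ssl/certs/java/cacerts -storepass changeit
# Assumption: entry lines carry the literal token "trustedCertEntry".
count_trusted() {
    awk '/trustedCertEntry/ { n++ } END { print n + 0 }' "$1"
}

# audit_truststore CONF LISTING -> prints both counts; returns non-zero
# when the keystore holds fewer entries than the configuration enables.
audit_truststore() {
    want=$(count_enabled "$1")
    have=$(count_trusted "$2")
    echo "enabled=$want keystore=$have"
    [ "$have" -ge "$want" ]
}

# Demo on constructed data: two CAs enabled, one deselected, one imported.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'mozilla/Equifax_Secure_CA.crt' \
    '!mozilla/Example_Disabled_CA.crt' 'mozilla/Example_Root_CA.crt' > "$demo/conf"
printf '%s\n' 'equifax_secure_ca, Apr 23, 2015, trustedCertEntry,' > "$demo/list"
ca_status "$demo/conf" Equifax_Secure_CA
audit_truststore "$demo/conf" "$demo/list" || echo "keystore is missing enabled CAs"
rm -rf "$demo"
```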


