Bug#779974: josm: invalid certificate
Salvo Tomaselli
tiposchi at tiscali.it
Thu Apr 23 09:30:43 UTC 2015
In data mercoledì 22 aprile 2015 18:58:06, Sebastiaan Couwenberg ha scritto:
> On 04/22/2015 11:29 AM, Salvo Tomaselli wrote:
> > In data martedì 21 aprile 2015 19:51:15, Sebastiaan Couwenberg ha scritto:
> >> On 04/21/2015 09:22 AM, Salvo Tomaselli wrote:
> >>>> aptitude update && aptitude reinstall ca-certificates
> >>>
> >>> Tried this one, still same result in josm.
> >>
> >> Still only 11 certs in the Java cacerts keystore, this should be over
> >> 100.
> >>
> >> crappy webmail I was using.
> >>
> >> Do you have the Equifax_Secure_CA.crt installed?
> >
> > $ ls -l /etc/ssl/certs/Equifax_Secure_CA.pem /usr/share/ca-
> > certificates/mozilla/Equifax_Secure_CA.crt
>
> So you have the CA cert, just not in the Java truststore. The
> update-ca-certificates hook should take care of this, but for some
> mysterious reason it doesn't import all certificates as it should.
>
> Can you check if the certificate is enabled in the configuration file?
>
> grep Equifax_Secure_CA /etc/ca-certificates.conf
grep Equifax_Secure_CA /etc/ca-certificates.conf
mozilla/Equifax_Secure_CA.crt
I guess it is in there.
> Assuming it's enabled but still not picked up by the
> update-ca-certificates hook, you can manually import the certificate:
>
> sudo keytool -v -importcert -trustcacerts -alias equifax_secure_ca \
> -file /usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt \
> -keystore /etc/ssl/certs/java/cacerts -storepass changeit
Output attached, it asked me to write "si" to confirm to trust the
certificate.
josm is still telling me this, after doing that command
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
Best
--
Salvo Tomaselli
"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di
senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
-- Galileo Galilei
http://ltworf.github.io/ltworf/
-------------- next part --------------
# keytool -v -importcert -trustcacerts -alias equifax_secure_ca -file /usr/share/ca-certificates/mozilla/Equifax_Secure_CA.crt -keystore /etc/ssl/certs/java/cacerts -storepass changeit
Proprietario: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Autorità emittente: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Numero di serie: 35def4cf
Valido da: Sat Aug 22 18:41:51 CEST 1998 a: Wed Aug 22 18:41:51 CEST 2018
Impronte digitali certificato:
MD5: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
SHA1: D2:32:09:AD:23:D3:14:23:21:74:E4:0D:7F:9D:62:13:97:86:63:3A
SHA256: 08:29:7A:40:47:DB:A2:36:80:C7:31:DB:6E:31:76:53:CA:78:48:E1:BE:BD:3A:0B:01:79:A7:07:F9:2C:F1:78
Nome algoritmo firma: SHA1withRSA
Versione: 3
Estensioni:
#1: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
0000: 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 0...V3.0c....
#2: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
]
]
#3: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
]]
#5: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
]
#6: ObjectId: 2.5.29.16 Criticality=false
PrivateKeyUsage: [
To: Wed Aug 22 18:41:51 CEST 2018]
#7: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
]
]
Considerare sicuro questo certificato? [no]: y
Risposta errata, riprovare
Considerare sicuro questo certificato? [no]: si
Il certificato è stato aggiunto al keystore
[Memorizzazione di /etc/ssl/certs/java/cacerts] in corso
More information about the Pkg-grass-devel
mailing list