The certificate of JOSM's site is called invalid because it's self signed. This means that the certificate is good, but it hasn't been acknowledged by any of the certification authorities currently present in the world. To do so, JOSM would have to pay a fee to get a certificate signed by any of those authorities, but since JOSM is a free association of volunteers, no money is available to pay for a valid certificate. So the certificate has been signed by themselves, which is already a form of validation, since the JOSM people are very trustworthy, or better, it has been self signed.
Certificates by acknowledged authorities are trusted automatically. Self-signed certificates must be accepted individually. After they have been accepted they offer the same level of security.
Presentation of the issue
If you're using Firefox 6.0, you will most likely see the screen below when you attempt to log on to JOSM. This happens because to log on you will have to use a secure http connection (https) and to do so you need a certificate.
How to solve the issue
To log in, you will have to add the certificate to your certificate exception list. In order to do so, click on 'I understand the Risks' and then on 'Add Exception...'. A new window will pop-up (as below). On that screen, confirm the link highlighted is https://josm.openstreetmap.de/, check the 'Permanently store this exception' box and clicking 'Confirm Security Exception...' button. If you were able to check the box, that's all that takes to solve this issue and not get this error message again. If not, see below for further instructions.
What if the Permanently store this exception box isn't clickable?
In that case, close all dialog boxes and open Tools -> Options on your Firefox upper bar. The options box will open. Click on the Advanced tab, then on the 'View Certificates' button, as shown on the screenshot below.
A new screen called 'Certificate Manager' will open, as shown below. Click on the Servers tab, then on the 'Add Exception...' button.
The screen below will open. On the Location: box, please type in 'https://josm.openstreetmap.de/', then click on the button next to it, 'Get Certificate'. You will notice that this time he will fetch the certificate correctly and the 'Permanently store this exception' box will be clickable. Check the box and click on the 'Confirm Security Exception...' button.
The dialog box shall close and the former screen will indicate that the JOSM certificate is now in the server certificate list, as shown highlighted on the screen below.
Close all windows, refresh your browser and try to log on. It should now work perfectly, without any warnings.
In case you want to be absolutely certain that the certificate you fetched is really the legit one, verify that the certificate's SHA1 fingerprint is 26:8B:4D:CB:AD:04:E7:50:EC:94:F8:34:83:CE:7C:06:8D:FD:61:3D. It very likely is.
The certificate is also available for download.
- screen1.png (37.9 KB) - added by stoecker 2 years ago.
- screen2.png (45.5 KB) - added by stoecker 2 years ago.
- screen3.png (53.9 KB) - added by stoecker 2 years ago.
- screen4.png (61.8 KB) - added by stoecker 2 years ago.
- screen5.png (48.0 KB) - added by stoecker 2 years ago.
- screen7.png (61.0 KB) - added by stoecker 2 years ago.
Download all attachments as: .zip