Modify ↓
#16527 closed defect (othersoftware)
LetsEncrypt certificate is not found on macOS
| Reported by: | Owned by: | team | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Core | Version: | |
| Keywords: | template_report tls ssl certificate security | Cc: |
Description
What steps will reproduce the problem?
- In Imagery Preferences add a new TMS using the URL as follows:
https://www.webgis.gov.sc/mapcache/tms/1.0.0/aerial_photo@Custom3857/{zoom}/{x}/{-y}.png
- From the Imagery menu select the new service
- "Error: Problem loading tile" is shown.
What is the expected result?
An aerial photo should be loaded
What happens instead?
Error: Problem loading tile is shown
Please provide any additional information below. Attach a screenshot if possible.
The service is accessible through HTTPS and a LetsEncrypt certificate is registered on the TMS server. Adding the same custom TMS to the iD Editor on the OpenStreetMap website works without any issues.
URL:https://josm.openstreetmap.de/svn/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2018-07-09 01:47:59 +0200 (Mon, 09 Jul 2018)
Build-Date:2018-07-08 23:50:14
Revision:14026
Relative:URL: ^/trunk
Identification: JOSM/1.5 (14026 en) Mac OS X 10.13.6
OS Build number: Mac OS X 10.13.6 (17G65)
Memory Usage: 869 MB / 1820 MB (387 MB allocated, but free)
Java version: 1.8.0_181-b13, Oracle Corporation, Java HotSpot(TM) 64-Bit Server VM
Screen: Display 722475533 1920x1080
Maximum Screen Size: 1920x1080
VM arguments: [-Djava.library.path=/Applications/JOSM.app/Contents/MacOS, -DLibraryDirectory=${HOME}/Library, -DDocumentsDirectory=${HOME}/Documents, -DApplicationSupportDirectory=${HOME}/Library/Application Support, -DCachesDirectory=${HOME}/Library/Caches, -DSandboxEnabled=false, -Dapple.laf.useScreenMenuBar=true, -Dcom.apple.macos.use-file-dialog-packages=true, -Dcom.apple.macos.useScreenMenuBar=true, -Dcom.apple.mrj.application.apple.menu.about.name=JOSM, -Dcom.apple.smallTabs=true]
Dataset consistency test: No problems found
Plugins:
+ Mapillary (v1.5.14+post13733)
+ apache-commons (34389)
+ apache-http (34389)
+ buildings_tools (34212)
+ ejml (34389)
+ geotools (34125)
+ jts (34206)
+ opendata (34389)
+ todo (30305)
+ utilsplugin2 (34389)
Last errors/warnings:
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Attachments (0)
Change History (7)
comment:1 by , 7 years ago
| Component: | Core → Core imagery |
|---|
comment:2 by , 7 years ago
| Keywords: | tls ssl certificate security added |
|---|
comment:3 by , 7 years ago
The certificate is there and is stored in Keychain: /System/Library/Keychains/SystemRootCertificates.keychain
The certificate is also listed under "Manage Certificates" in the Java Control Panel.
comment:4 by , 7 years ago
| Component: | Core imagery → Core |
|---|---|
| Summary: | JOSM fails to load imagery from custom TMS → LetsEncrypt certificate is not found on macOS |
comment:5 by , 7 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
This server does not sent a proper certificate chain. Thus we'd need to support the intermediate LE-cert directly, which we don't want.
https://www.ssllabs.com/ssltest/analyze.html?d=www.webgis.gov.sc&s=196.13.208.22&latest
@mwagner:
I'd suggest you contact the operators of the server and tell them to fix this issue and maybe a bunch of the many others they have.
Until then use http, which is equally secure for this server.
comment:6 by , 7 years ago
Many thanks for your help! We solved the issue with the incomplete certificate chain and are currently working to fix the other security related issues you referred to.
comment:7 by , 7 years ago
| Resolution: | wontfix → othersoftware |
|---|
Note:
See TracTickets
for help on using tickets.
Probably a macOS issue. Do you have any file named "DST_Root_CA_X3.pem" or "DST_Root_CA_X3.crt" on your system? If so, where?