Modify

Opened 6 months ago

Closed 5 months ago

Last modified 5 months ago

#17668 closed enhancement (fixed)

terinfo.ujbuda.hu uses TLS certificate not supported by JOSM yet

Reported by: stoecker Owned by: Don-vip
Priority: normal Milestone: 19.05
Component: Core Version:
Keywords: Cc: BathoryPeter, Don-vip

Description

Seems they now support TLS properly, but they use a Java-incompatible certificate and also an incomplete certifcate path.

Attachments (0)

Change History (12)

comment:1 Changed 6 months ago by stoecker

Seems it should work when they complete the certificate chain and add the "e-Szigno SSL CA 2014" intermediate certificate.

https://www.ssllabs.com/ssltest/analyze.html?d=terinfo.ujbuda.hu

Can someone contact them? Last time I tried I didn't get an answer.

Last edited 6 months ago by stoecker (previous) (diff)

comment:2 Changed 6 months ago by stoecker

Ah sorry. Either SSLLabs changed the display or I never got it right before. We still need to add the "Microsec e-Szigno Root CA 2009" in case they fix the chain.

comment:3 Changed 5 months ago by anonymous

(Came from the irc->matrix bridged room on a random search for Hungary ;))
I see that on the hungarian osm list pepole already tried and failed to notify them, but I'll try again.

comment:4 in reply to:  3 Changed 5 months ago by grinapo

Replying to anonymous:
um that was me.

comment:5 Changed 5 months ago by grinapo

And it has been fixed, as far as my brief look goes. Try now.

comment:6 Changed 5 months ago by stoecker

@Vincent:
Can you add the "Microsec e-Szigno Root CA 2009", Fingerprint SHA256: 3c5f81fea5fab82c64bfa2eaecafcde8e077fc8620a7cae537163df36edbf378 Pin SHA256: YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= to the Windows CertStore expansion mechanism?

https://crt.sh/?id=194998
https://crt.sh/?caid=778

comment:7 Changed 5 months ago by Don-vip

Milestone: 19.05
Owner: changed from team to Don-vip
Status: newassigned

Sure!

comment:8 Changed 5 months ago by Don-vip

Resolution: fixed
Status: assignedclosed

In 15124/josm:

fix #17668 - load "Microsec e-Szigno Root CA 2009" certificate, used by city of Budapest

comment:9 Changed 5 months ago by GerdP

I see a warning Certificate not found for alias '[Microsec e-Szigno Root CA 2009]' but found for alias 'MicroSec e-Szigno Root CA 2009'. What does that mean?

2019-05-30 10:21:04.276 FINE: System property 'java.protocol.handler.pkgs' set to 'org.openstreetmap.josm.io.protocols'. Old value was 'null'
2019-05-30 10:21:04.551 FINE: Adding certificate for TLS connections: CN=Staat der Nederlanden Root CA - G2,O=Staat der Nederlanden,C=NL
2019-05-30 10:21:04.586 FINE: Adding certificate for TLS connections: CN=Staat der Nederlanden Root CA - G3,O=Staat der Nederlanden,C=NL
2019-05-30 10:21:04.622 FINE: Adding certificate for TLS connections: CN=Certigna,O=Dhimyotis,C=FR
2019-05-30 10:21:04.661 FINE: Adding certificate for TLS connections: CN=CA Disig Root R2,O=Disig a.s.,L=Bratislava,C=SK
2019-05-30 10:21:04.697 FINE: Adding certificate for TLS connections: O=Government Root Certification Authority,C=TW
2019-05-30 10:21:04.732 FINE: powershell -Command [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;[System.Net.WebRequest]::Create('https://e-szigno.hu').GetResponse()
2019-05-30 10:21:05.532 WARNING: Certificate not found for alias '[Microsec e-Szigno Root CA 2009]' but found for alias 'MicroSec e-Szigno Root CA 2009'
2019-05-30 10:21:05.533 FINE: Adding certificate for TLS connections: 1.2.840.113549.1.9.1=#1610696e666f40652d737a69676e6f2e6875,CN=Microsec e-Szigno Root CA 2009,O=Microsec Ltd.,L=Budapest,C=HU
Version 0, edited 5 months ago by GerdP (next)

comment:10 Changed 5 months ago by Don-vip

it means I made a typo.

comment:11 Changed 5 months ago by Don-vip

In 15142/josm:

see #17668 - fix typo

comment:12 Changed 5 months ago by stoecker

Summary: terinfo.ujbuda.hu usues TLS certificate not supported by JOSM yetterinfo.ujbuda.hu uses TLS certificate not supported by JOSM yet

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Don-vip.
as The resolution will be set.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.