Opened 3 months ago

Closed 2 months ago

Last modified 2 months ago

#18920 closed defect (fixed)

Spanish cadastre WMS now signed by FNMT-RCM (Fábrica Nacional de Moneda y Timbre - Real Casa de la Moneda)

Reported by: webmaster@…
Owned by: Don-vip
Priority: normal
Milestone: 20.03
Component: Core imagery
Version:
Keywords: template_report spain
Cc: Don-vip

Description (last modified by Don-vip)

What steps will reproduce the problem?

  1. In JOSM go to --> Settings --> WMS/TMS
  2. Activate Spanisches Cataster

What is the expected result?

JOSM should render the Cataster

What happens instead?

It shows me a red error warning:

javax.net.ssl.HandshakeException ; sun.security.validator.Validatorexception: PKIX path building failed:

Please provide any additional information below. Attach a screenshot if possible.

Please include this service again as a background picture. Maybe the web address has changed.
See also http://www.catastro.minhap.gob.es/webinspire/documentos/inspire-WMS.pdf

Screenshot

URL:https://josm.openstreetmap.de/svn/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2020-02-26 10:50:27 +0100 (Wed, 26 Feb 2020)
Build-Date:2020-02-26 09:52:41
Revision:15937
Relative:URL: ^/trunk

Identification: JOSM/1.5 (15937 de) Windows 7 32-Bit
OS Build number: Windows 7 Professional (7601)
Memory Usage: 269 MB / 989 MB (84 MB allocated, but free)
Java version: 1.8.0_241-b07, Oracle Corporation, Java HotSpot(TM) Client VM
Screen: \Display0 1920x1080, \Display1 1920x1080
Maximum Screen Size: 1920x1080
Dataset consistency test: No problems found

Plugins:
+ BuildingGeneralization (23)
+ DirectDownload (35248)
+ DirectUpload (35248)
+ HouseNumberTaggingTool (35248)
+ ImproveWay (29)
+ InfoMode (35248)
+ alignways (35248)
+ austriaaddresshelper (57)
+ colorscheme (35248)
+ continuosDownload (91)
+ dataimport (35248)
+ ejml (35122)
+ jaxb (35092)
+ log4j (35092)
+ namemanager (35248)
+ openvisible (35248)
+ pbf (35248)
+ turnrestrictions (35313)

Map paint styles:
+ https://josm.openstreetmap.de/josmfile?page=Styles/Surface-DataEntry&zip=1
+ https://josm.openstreetmap.de/josmfile?page=Styles/ShowID&zip=1

Last errors/warnings:
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Attachments (3)

WMSErrorSpain.jpg (231.7 KB) - added by morgen1 <webmaster@…> 3 months ago.
Screenshot
18920_worksforme.png (25.9 KB) - added by Don-vip 2 months ago.
logfilejosm (1.6 MB) - added by morgen1 <webmaster@…> 2 months ago.
Logfile, created before the certificate was registered


Change History (20)

Changed 3 months ago by morgen1 <webmaster@…>

Attachment: WMSErrorSpain.jpg added

Screenshot

comment:1 Changed 3 months ago by skyper

Component: Core → Core imagery
Description: modified (diff)
Summary: wms service for catastro spain is not more available. Please include this service again as backgroundpicture. May the webadress has change .See also http://www.catastro.minhap.gob.es/webinspire/documentos/inspire-WMS.pdf → wms service for catastro spain is not more available.

comment:2 Changed 2 months ago by stoecker

Cc: Don-vip added
Milestone: 20.03

Server works. HTTPS is certified by AC RAIZ FNMT-RCM. That again seems to be a certificate instance of a state, in this case Spain. Accepted by everybody, except Java (again).

Windows/Android/Mozilla:

FNMT-RCM / AC RAIZ FNMT-RCM
Fingerprint SHA256: ebc5570c29018c4d67b1aa127baf12f703b4611ebc17b7dab5573894179b93fa
SHA1: EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20
Pin SHA256: L8VmekuaJnjtasatJUZfy/YJS/zZUECXx6j6R63l6Ig=
RSA 4096 bits (e 65537) / SHA256withRSA 

Vincent. Please :-)


comment:3 Changed 2 months ago by Don-vip

Keywords: spain added
Owner: changed from team to Don-vip
Status: new → assigned

comment:4 Changed 2 months ago by Don-vip

Description: modified (diff)

comment:5 Changed 2 months ago by Don-vip

comment:6 Changed 2 months ago by Don-vip

Summary: wms service for catastro spain is not more available. → Spanish cadastre WMS now signed by FNMT-RCM (Fábrica Nacional de Moneda y Timbre - Real Casa de la Moneda)

comment:7 Changed 2 months ago by Don-vip

Resolution: fixed
Status: assigned → closed

In 16120/josm:

fix #18920 - load AC RAIZ FNMT-RCM from Spanish Royal Mint

comment:8 Changed 2 months ago by stoecker

A note to the SHA1- and SHA-256 duplicate cert issue. These are both the same cert. As the hash algorithm has no real importance for the self-signed root certificates the old SHA1 certificates have not been replaced/revoked when it has been decided to no longer use SHA1. They simply reissued the same cert with SHA256 so that SHA1 can silently die. Still using the SHA1 root cert has no negative consequences though.

comment:9 Changed 2 months ago by anonymous

Hello at all programmers.

I try to use Build 16149. My java is Java-version 1.8.0_241. But Build 16149 gives me still the same error : Fehler beim Herunterladen von Kacheln: javax.net.ssl.SSLHandShakeException:sun.security.validator.ValidatorException:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Please give me a hint, how to solve the problem. I am not a programmer, but have a good experience at my PC.

comment:10 Changed 2 months ago by morgen1 <webmaster@…>

Resolution: fixed
Status: closed → reopened

Hello at all programmers.

I try to use Build 16149. My java is Java-version 1.8.0_241. But Build 16149 gives me still the same error : Fehler beim Herunterladen von Kacheln: javax.net.ssl.SSLHandShakeException:sun.security.validator.ValidatorException:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

Please give me a hint, how to solve the problem. I am not a programmer, but have a good experience at my PC.

comment:11 Changed 2 months ago by Don-vip

@morgen1: this feature is strongly linked to your OS. Please tell me if you're running Windows, macOS or Linux, and what exact version.

comment:12 Changed 2 months ago by stoecker

Windows 7 Pro? See initial ticket.

comment:13 Changed 2 months ago by Don-vip

Ah, didn't notice it was the reporter speaking.

@morgen1: Please start JOSM in command line with --trace argument (java -jar josm-latest.jar --trace) and attach the console output.

Also please share a screenshot of the root certificates installed in Windows, see below for my system:



Changed 2 months ago by Don-vip

Attachment: 18920_worksforme.png added

comment:14 Changed 2 months ago by morgen1 <webmaster@…>

Resolution: fixed
Status: reopened → closed

At first: josm-latest.jar runs fine on W10 Professional. Catastro Spain was loaded successfully. I found on the W10 machine, using certmgr.msc, 2 certificates from AC RAIZ FNMT-RCM. These 2 certificates were not installed on the Windows 7 machine. Then I exported/imported these 2 certificates to my W7 32-bit PC. This export/import solved my problem. After these 2 certificates were installed on the W7 machine, JOSM-LATEST.JAR also runs fine with Catastro Spain. certmgr.msc says on import, 'it cannot be confirmed that this certificate is original' (or analogous...). I have nevertheless installed it, and Catastro Spain is loaded as background.

The reason for the error was the missing certificates. Thanks for your work and hints.
Regards morgen1
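
Added example, not part of the ticket or of JOSM's code: before importing a root by hand as in comment:14, its values can be checked against published ones such as those in comment:2. The sketch also shows comment:8's point that a root reissued with the same key under a new signature hash gets a new certificate fingerprint but keeps its public-key pin. The helper names and the two stand-in certificates are constructed for illustration.

```python
import base64
import hashlib

def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def _read(buf, off):
    """Return (body_start, end) of the DER element starting at off."""
    first = buf[off + 1]
    k = first & 0x7F if first >= 0x80 else 0
    n = int.from_bytes(buf[off + 2:off + 2 + k], "big") if k else first
    end = off + 2 + k + n
    if end > len(buf):
        raise ValueError("truncated DER element")
    return off + 2 + k, end

def spki_of(cert):
    """Slice the SubjectPublicKeyInfo element out of a DER X.509 certificate."""
    tbs_off, _ = _read(cert, 0)      # outer Certificate SEQUENCE
    pos, _ = _read(cert, tbs_off)    # tbsCertificate SEQUENCE
    if cert[pos] == 0xA0:            # optional [0] version
        pos = _read(cert, pos)[1]
    for _ in range(5):               # serial, sigAlg, issuer, validity, subject
        pos = _read(cert, pos)[1]
    return cert[pos:_read(cert, pos)[1]]

def fingerprint_sha256(cert):
    """Hash of the whole certificate: changes whenever the cert is reissued."""
    return hashlib.sha256(cert).hexdigest()

def pin_sha256(cert):
    """Hash of the public key only: survives a reissue that keeps the key."""
    return base64.b64encode(hashlib.sha256(spki_of(cert)).digest()).decode()

# Constructed stand-ins, NOT the FNMT-RCM roots: identical subject and key,
# signed once with sha1WithRSAEncryption and once with sha256WithRSAEncryption.
SHA1_RSA = bytes.fromhex("2a864886f70d010105")
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")

def toy_root(sig_oid):
    alg = _tlv(0x30, _tlv(0x06, sig_oid) + b"\x05\x00")
    name = _tlv(0x30, b"")
    validity = _tlv(0x30, _tlv(0x17, b"200101000000Z") * 2)
    spki = _tlv(0x30, _tlv(0x30, b"") + _tlv(0x03, b"\x00" + b"\x5a" * 200))
    tbs = _tlv(0x30, _tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01"
               + alg + name + validity + name + spki)
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + sig_oid * 8))
```

For a real root, pass the DER bytes of the exported certificate (for a PEM file, `ssl.PEM_cert_to_DER_cert` converts it) and compare the results with the published fingerprint and pin.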

comment:15 Changed 2 months ago by Don-vip

It's strange, you shouldn't have to do all these steps, JOSM would have done them for you. It probably doesn't work on Windows 7. But as the system is now in extended support, I guess we can live with that.

Changed 2 months ago by morgen1 <webmaster@…>

Attachment: logfilejosm added

Logfile, created before the certificate was registered

comment:16 Changed 2 months ago by morgen1 <webmaster@…>

For your investigation I have attached the logfile. The logfile was written by josm-latest.jar before the certificate was manually installed.

comment:17 in reply to:  16 Changed 2 months ago by Don-vip

Replying to morgen1 <webmaster@…>:

For your investigation I have attached the logfile. The logfile was written by josm-latest.jar before the certificate was manually installed.

This is really strange:

2020-03-16 23:31:20.460 AM FEINSTEN: Ignoring null as SHA-256 signature does not match
2020-03-16 23:31:20.476 AM FEINSTEN: null
2020-03-16 23:31:20.773 AM FEINSTEN: Ignoring null as SHA-256 signature does not match
2020-03-16 23:31:20.773 AM FEINSTEN: null
2020-03-16 23:31:20.851 AM FEINSTEN: Ignoring null as SHA-256 signature does not match
2020-03-16 23:31:20.851 AM FEINSTEN: null
2020-03-16 23:31:21.007 AM FEINSTEN: Ignoring null as SHA-256 signature does not match
2020-03-16 23:31:21.007 AM FEINSTEN: null
2020-03-16 23:31:21.148 AM FEINSTEN: Ignoring null as SHA-256 signature does not match
2020-03-16 23:31:21.164 AM FEINSTEN: null
2020-03-16 23:31:21.304 AM FEINSTEN: Ignoring null as SHA-256 signature does not match
2020-03-16 23:31:21.304 AM FEINSTEN: null
2020-03-16 23:31:21.382 AM FEINSTEN: Ignoring null as SHA-256 signature does not match
2020-03-16 23:31:21.382 AM FEINSTEN: null
2020-03-16 23:31:21.554 AM FEINSTEN: Ignoring null as SHA-256 signature does not match
2020-03-16 23:31:21.554 AM FEINSTEN: null
2020-03-16 23:31:21.710 AM FEINSTEN: Ignoring null as SHA-256 signature does not match
2020-03-16 23:31:21.710 AM FEINSTEN: null

I'll try to reproduce on Windows 7
