Opened 12 months ago

Closed 12 months ago

Last modified 12 months ago

#20953 closed defect (fixed)

SSL certificate warnings when starting JOSM

Reported by: donal.hunt@… Owned by: team
Priority: major Milestone:
Component: Trac Version:
Keywords: template_report Cc:

Description (last modified by simon04)

What steps will reproduce the problem?

  1. Start development version of JOSM.

javaws "https://josm.openstreetmap.de/download/josm-latest.jnlp" is the command used.

What is the expected result?

App starts without a warning about certificates.

What happens instead?

App starts with a warning about certificates.

These are the certificates being complained about:

Version 3 
Serial 317007044659422488441888226356033391239720 
Signature Algorithm SHA256withRSA 
Issuer CN=R3, O=Let's Encrypt, C=US 
Validity Validity: [From: Thu May 27 09:36:43 IST 2021,
               To: Wed Aug 25 09:36:43 IST 2021] 
Subject CN=josm.openstreetmap.de 
MD5 Fingerprint 10:2A:49:3F:CB:D5:F9:4E:AF:91:4B:88:75:78:DD:F9 
SHA1 Fingerprint AC:E7:5A:CF:CC:29:3E:D8:63:01:DF:AD:BB:43:33:79:D3:A3:E9:45 



Version 3 
Serial 192961496339968674994309121183282847578 
Signature Algorithm SHA256withRSA 
Issuer CN=ISRG Root X1, O=Internet Security Research Group, C=US 
Validity Validity: [From: Fri Sep 04 01:00:00 IST 2020,
               To: Mon Sep 15 17:00:00 IST 2025] 
Subject CN=R3, O=Let's Encrypt, C=US 
MD5 Fingerprint E8:29:E6:5D:7C:43:07:D6:FB:C1:3C:17:9E:03:7A:36 
SHA1 Fingerprint A0:53:37:5B:FE:84:E8:B7:48:78:2C:7C:EE:15:82:7A:6A:F5:A4:05 

Please provide any additional information below. Attach a screenshot if possible.

Relative:URL: ^/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2021-05-27 19:45:08 +0200 (Thu, 27 May 2021)
Revision:17915
Build-Date:2021-05-28 01:31:01
URL:https://josm.openstreetmap.de/svn/trunk

Identification: JOSM/1.5 (17915 en) Linux Debian GNU/Linux 10 (buster)
Memory Usage: 405 MB / 3952 MB (153 MB allocated, but free)
Java version: 11.0.11+9-post-Debian-1deb10u1, Debian, OpenJDK 64-Bit Server VM
Look and Feel: com.formdev.flatlaf.FlatLightLaf
Screen: :0.0 1920×1080 (scaling 1.00×1.00) :0.1 2560×1440 (scaling 1.00×1.00) :0.2 1080×1920 (scaling 1.00×1.00)
Maximum Screen Size: 2560×1920
Best cursor sizes: 16×16→16×16, 32×32→32×32
Environment variable LANG: en_IE.UTF-8
System property file.encoding: UTF-8
System property sun.jnu.encoding: UTF-8
Locale info: en_IE
Numbers with default locale: 1234567890 -> 1234567890
Desktop environment: GNOME
Java package: openjdk-11-jre:amd64-11.0.11+9-1~deb10u1
WebStart package: icedtea-netx:all-1.8.4-1
Java ATK Wrapper package: libatk-wrapper-java:all-0.33.3-22
libcommons-compress-java: libcommons-compress-java:all-1.18-2+deb10u1
libcommons-logging-java: libcommons-logging-java:all-1.2-2
fonts-noto: fonts-noto:all-20181227-1
liboauth-signpost-java: liboauth-signpost-java:all-1.2.1.2-2
VM arguments: [--patch-module=java.desktop=/usr/share/icedtea-web/javaws.jar:, --add-reads=java.base=ALL-UNNAMED,java.desktop, --add-reads=java.desktop=ALL-UNNAMED,java.naming, --add-reads=java.naming=ALL-UNNAMED,java.desktop, --add-exports=java.desktop/sun.awt=ALL-UNNAMED,java.desktop, --add-exports=java.desktop/javax.jnlp=ALL-UNNAMED,java.desktop, --add-exports=java.base/com.sun.net.ssl.internal.ssl=ALL-UNNAMED,java.desktop, --add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED,java.desktop, --add-exports=java.base/sun.security.action=ALL-UNNAMED,java.desktop, --add-exports=java.base/sun.security.provider=ALL-UNNAMED,java.desktop, --add-exports=java.base/sun.security.util=ALL-UNNAMED,java.desktop, --add-exports=java.base/sun.security.validator=ALL-UNNAMED,java.desktop, --add-exports=java.base/sun.security.x509=ALL-UNNAMED,java.desktop, --add-exports=java.base/jdk.internal.util.jar=ALL-UNNAMED,java.desktop, --add-exports=java.base/sun.net.www.protocol.http=ALL-UNNAMED,java.desktop, --add-exports=java.desktop/sun.awt.X11=ALL-UNNAMED,java.desktop, --add-exports=java.desktop/sun.applet=ALL-UNNAMED,java.desktop, --add-exports=java.desktop/sun.applet=ALL-UNNAMED,jdk.jsobject, --add-exports=java.naming/com.sun.jndi.toolkit.url=ALL-UNNAMED,java.desktop, -Dicedtea-web.bin.name=javaws, -Dicedtea-web.bin.location=/usr/share/icedtea-web/bin/javaws.sh, -Djava.security.manager, -Djava.security.policy=/etc/icedtea-web/javaws.policy]

Plugins:
+ HouseNumberTaggingTool (35640)
+ Lanes (${version.entry.commit.revision})
+ Mapillary (2.0.0-alpha.5)
+ PicLayer (1.0.1)
+ ShapeTools (1240)
+ apache-commons (35524)
+ apache-http (35589)
+ buildings_tools (35756)
+ ejml (35458)
+ flatlaf (35734)
+ geotools (35458)
+ imagery_offset_db (35640)
+ jaxb (35543)
+ jna (35662)
+ jts (35458)
+ measurement (35640)
+ opendata (35640)
+ terracer (35640)
+ todo (30306)
+ utilsplugin2 (35691)
+ wikipedia (1.1.4)

Tagging presets:
+ https://josm.openstreetmap.de/josmfile?page=Presets/Irishboundaries&zip=1

Map paint styles:
+ https://josm.openstreetmap.de/josmfile?page=Styles/ColorWays&zip=1
+ https://josm.openstreetmap.de/josmfile?page=Styles/SimpleRoofTags&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/Direction&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/SimpleBuildingTags&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/Building_Levels_Labels&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/Enhanced_Lane_and_Road_Attributes&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/Lane_and_Road_Attributes&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/Highway_Nodes&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/LessObtrusiveNodes&zip=1

Attachments (3)

Screenshot from 2021-06-02 10-11-34.png (25.0 KB) - added by donal.hunt@… 12 months ago.
SSL warning
Screenshot from 2021-06-02 10-11-47.png (14.2 KB) - added by donal.hunt@… 12 months ago.
untrusted certificate warning
Screenshot from 2021-06-02 10-12-14.png (55.2 KB) - added by donal.hunt@… 12 months ago.
certificate details.


Change History (11)

Changed 12 months ago by donal.hunt@…

SSL warning

Changed 12 months ago by donal.hunt@…

untrusted certificate warning

Changed 12 months ago by donal.hunt@…

certificate details.

comment:1 Changed 12 months ago by simon04

Component: Core → Core Webstart
Description: modified (diff)
Priority: normal → major

Reproducible on Windows / Java 8:

URL:https://josm.openstreetmap.de/svn/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2021-05-27 19:45:08 +0200 (Thu, 27 May 2021)
Build-Date:2021-05-28 01:31:01
Revision:17915
Relative:URL: ^/trunk

Identification: JOSM/1.5 (17915 de) Windows Server 2019 64-Bit
OS Build number: Windows Server 2019 Standard 1809 (17763)
Memory Usage: 185 MB / 2969 MB (64 MB allocated, but free)
Java version: 1.8.0_252-b09, Oracle Corporation, OpenJDK 64-Bit Server VM
Look and Feel: com.sun.java.swing.plaf.windows.WindowsLookAndFeel
Screen: \Display0 1440×900 (scaling 1.00×1.00)
Maximum Screen Size: 1440×900
Best cursor sizes: 16×16→32×32, 32×32→32×32
System property file.encoding: Cp1252
System property sun.jnu.encoding: Cp1252
Locale info: de_DE
Numbers with default locale: 1234567890 -> 1234567890
VM arguments: [-XX:TieredStopAtLevel=1, -XX:MinHeapFreeRatio=20, -XX:MaxHeapFreeRatio=40, -Ditw.userdata=C:/Users/Simon/AppData/Local/ojdkbuild/java-1.8.0-openjdk-1.8.0.252-2.b09.ojdkbuild.windows.x86_64/webstart/, -Dicedtea-web.bin.name=javaws.exe, -Dicedtea-web.bin.location=C:/Program Files/ojdkbuild/java-1.8.0-openjdk-1.8.0.252-2/webstart/javaws.exe]

comment:2 Changed 12 months ago by stoecker

Aaargh. I feared some shit will happen after Let's Encrypt changed the chain again.

comment:3 Changed 12 months ago by stoecker

If someone can build me a valid chain based on this and acceptable to Java it would be a great help:

That's what I get with Let's Encrypt:

Certificate chain
 0 s:CN = josm.openstreetmap.de
   i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISA6OZl/03hA5hvGq93bIvjSIoMA0GCSqGSIb3DQEBCwUA
...
HHe2
-----END CERTIFICATE-----
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
...
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
...
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

That's what I added to get the chain complete (which seems not to be the right one):

 3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
...
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----

comment:4 Changed 12 months ago by stoecker

Replaced the last one:

 3 s:O = Digital Signature Trust Co., CN = DST Root CA X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
...
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

Does it work now?

Last edited 12 months ago by stoecker (previous) (diff)
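
The difference between the chain in comment:3 and the replacement in comment:4 can be checked mechanically from the `s:`/`i:` lines alone (the layout `openssl s_client -showcerts` prints). The following is an added example, not part of the ticket or of JOSM; the names `parse_chain` and `chain_breaks` are hypothetical, and the input is constructed from the subject and issuer lines quoted above.

```python
import re

# Constructed input: the subject (s:) and issuer (i:) lines quoted in comment:3,
# with the PEM bodies left out. SERVED holds entries 0-2, common to both attempts.
SERVED = """\
Certificate chain
 0 s:CN = josm.openstreetmap.de
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
"""
# Entry 3 as first appended in comment:3 (self-signed ISRG Root X1).
COMMENT3 = SERVED + """\
 3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
"""
# Entry 3 after the replacement in comment:4 (self-signed DST Root CA X3).
COMMENT4 = SERVED + """\
 3 s:O = Digital Signature Trust Co., CN = DST Root CA X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
"""

ENTRY = re.compile(r"^\s*(\d+) s:(.*)\n\s*i:(.*)$", re.MULTILINE)


def parse_chain(text):
    """Return [(depth, subject, issuer)] for each 's:' / 'i:' pair in the listing."""
    return [(int(d), s.strip(), i.strip()) for d, s, i in ENTRY.findall(text)]


def chain_breaks(text):
    """Return (depth, issuer, next_subject) for every link whose names do not chain.

    Compares distinguished names only; it does not verify signatures or validity.
    """
    chain = parse_chain(text)
    return [(d, issuer, nxt_subject)
            for (d, _, issuer), (_, nxt_subject, _) in zip(chain, chain[1:])
            if issuer != nxt_subject]


if __name__ == "__main__":
    for label, listing in (("comment:3", COMMENT3), ("comment:4", COMMENT4)):
        breaks = chain_breaks(listing)
        print(label, "OK" if not breaks else breaks)
```

For the comment:3 listing the only break is at entry 2, whose issuer is DST Root CA X3 while entry 3 is ISRG Root X1; the comment:4 listing chains by name at every link.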

comment:5 Changed 12 months ago by simon04

Yes, perfect, thank you! Fixed for my test environment from comment:1.

comment:6 Changed 12 months ago by stoecker

Resolution: fixed
Status: new → closed

comment:7 Changed 12 months ago by stoecker

P.S. We'll see if similar issues happen with other Let's Encrypt servers or my broken last cert was the problem.

comment:8 Changed 12 months ago by simon04

Component: Core Webstart → Trac
