Invalid HTTPS certificate #5282
Comments
Author: don-vip By the way, http://api06.dev.openstreetmap.org/api/capabilities does not respond since several days: has the test API been shut down? |
Author: TomH We have reverted to the old certificate for now, but JOSM really needs to find a way to trust the StartCom root certificate (it already does on Fedora, where Java uses the mozilla cert bundle rather than the java default one). The dev server is down this weekend due to a scheduled power outage at one of our hosting sites. |
Author: don-vip Replying to [comment:2 TomH]:
not so easy! it requires root privileges. On Windows installing a root CA displays a very scary popup. Besides it would require a new version of JOSM, leaving in the wild all older clients. We wouldn't have switched to HTTPS by default if we were expecting that you switch to an unknown Root CA. Why don't you stay with your current provider? |
Author: don-vip ok found the original ticket: openstreetmap/operations#2 we can discuss there if you want |
Author: TomH It needs root perms to install into the system store, but presumably JOSM could add to the local bundle that it is using? You'd need to ask Grant why we switched but I think the main reason is that we could get certs that covered a wider range of domains and at lower cost. It's a provider that is recognised by all the main browsers - we just hadn't realised that Java didn't recognise it. |
Author: TomH So far http://nelenkov.blogspot.co.uk/2011/12/using-custom-certificate-trust-store-on.html is the best resource I have found on how to create a customer TrustManager that trusts extra certificates while mostly deferring to the system store. It looks like there are extra complications depending on what https client(s) are being used though as you have to persuade them to use the custom TrustManager. |
Reporter: don-vip
[Submitted to the original trac issue database at 7.13pm, Friday, 20th February 2015]
Something has changed today on the HTTPS certificate used by the OSM API, and it is no more possible to access it with JOSM and latest version of Java (8u31):
Looking at https://api.openstreetmap.org with Chrome, I have a similar warning as well, about untrust certificate.
The text was updated successfully, but these errors were encountered: