[josm-dev] JOSM wants to add a certificate?

[Dirk Stöcker]

On Sun, 6 Jul 2014, Maarten Deen wrote:

> I opened JOSM (webstart) and it came with a question to install a 
> certification authority for localhost with a sha1 thumbprint
> I have no knowledge of having generated a sha1 thumbprint on my windows 
> computer, so I am interested to know how JOSM can ask this.
> I also don't know why JOSM needs this. Is this something from JOSM or has 
> some worm crawled in? (yes, this was the first thing that entered my mind).

Due to the browser restrictions of today any request to the remote control 
of JOSM needs to be HTTPS as well when used from a HTTPS page. For a HTTPS 
server functionality we need a certificate. The request you talk about 
tries to copy that certificate to the JAVA keystore, so it can be used. 
The browser still should ask you about it (at least for first connection), 
as it is a self-signed cert.

We are aware of the fact, that using an open-source certificate is 
snake-oil, but it is required to get it work at all.

> Lets make it clear that, not having created this thumbprint myself, I can not 
> verify this thumbprint and that this seems a very strange way of operating.

If you have a better solution, feel free to fix it.

Ciao
-- 
http://www.dstoecker.eu/ (PGP key available)