[josm-dev] JOSM wants to add a certificate?

Vincent Privat vincent at josm.openstreetmap.de
Tue Jul 8 08:26:45 UTC 2014


Hi,
As said this is a required mechanism to let you use Remote Control in https
(for example from "Edit" button on main OSM website, when browsed in HTTPS).
See https://josm.openstreetmap.de/ticket/10033 for explanations and
progress update (currently this stuff is only implemented on Windows).
The warning you are referring to is displayed by Windows and we have no
control over it.
The certificate has been generated as follows:

    keytool -genkeypair -storepass josm_ssl -keypass josm_ssl -alias josm_localhost -dname "CN=localhost, OU=JOSM, O=OpenStreetMap" -ext san=ip:127.0.0.1 -keyalg RSA -validity 1825

As you can see it contains proper denomination. We cannot do better for the
certificate itself.
The best we can do is display another warning before the installation,
that's planned in https://josm.openstreetmap.de/ticket/10230
Cheers,
Vincent


2014-07-08 10:13 GMT+02:00 Maarten Deen <mdeen at xs4all.nl>:

> On 2014-07-07 13:36, Dirk Stöcker wrote:
>
>> On Sun, 6 Jul 2014, Maarten Deen wrote:
>>
>>> I opened JOSM (webstart) and it came with a question to install a
>>> certification authority for localhost with a sha1 thumbprint
>>> I have no knowledge of having generated a sha1 thumbprint on my windows
>>> computer, so I am interested to know how JOSM can ask this.
>>> I also don't know why JOSM needs this. Is this something from JOSM or
>>> has some worm crawled in? (yes, this was the first thing that entered my
>>> mind).
>>>
>>
>> Due to the browser restrictions of today any request to the remote
>> control of JOSM needs to be HTTPS as well when used from an HTTPS page.
>> For an HTTPS server functionality we need a certificate. The request
>> you talk about tries to copy that certificate to the JAVA keystore, so
>> it can be used. The browser still should ask you about it (at least
>> for first connection), as it is a self-signed cert.
>>
>
> But whose certificate is it? Where can I validate the key? It is not
> localhost, because my computer is localhost and it is not a key I generated
> on my computer. It is JOSM that is trying to install this certificate. So
> the "certification authority claiming to represent localhost" is not
> correct. At least that should be changed to JOSM.
>
>
>>> Let's make it clear that, not having created this thumbprint myself, I can
>>> not verify this thumbprint and that this seems a very strange way of
>>> operating.
>>>
>>
>> If you have a better solution, feel free to fix it.
>>
>
> I really dislike such replies. You seem to insinuate that the only ones to
> make comments are the ones that have the knowledge and ability to change
> the source.
> I hope my view of your answer is incorrect.
> You may not like criticism, but my goal is not to talk the developers of
> JOSM down but to try to give them hints of how things could (IMHO) improve.
>
> Regards,
> Maarten
>
>
>
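
An added example, not part of the original messages or of JOSM's code: a PowerShell check, run on the Windows machine in question, that lists any trusted-root certificate whose subject matches the -dname quoted above and reports its SHA-1 thumbprint, validity, SAN and CA flag, so the thumbprint can be compared with the one shown in the Windows prompt. The function name Get-LocalhostRootCert and the choice to look in both the current-user and local-machine root stores are assumptions made for illustration.

```powershell
# Added example; not from the thread or from JOSM.
# Subject parts are taken from the keytool -dname value quoted in the message.
$subjectParts = 'CN=localhost', 'OU=JOSM', 'O=OpenStreetMap'
# Assumption: the certificate may be in either root store, so both are searched.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'

function Get-LocalhostRootCert {
    param(
        [string[]]$StorePath,
        [string[]]$SubjectParts
    )
    foreach ($path in $StorePath) {
        Get-ChildItem -Path $path | Where-Object {
            $cert = $_
            # Keep the certificate only if no subject part is missing.
            -not ($SubjectParts | Where-Object { $cert.Subject -notlike "*$_*" })
        } | ForEach-Object {
            # Basic constraints tell whether the certificate may act as a CA.
            $bc = $_.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
            }
            # 2.5.29.17 is the subjectAltName extension (san=ip:127.0.0.1 above).
            $san = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

            [pscustomobject]@{
                Store         = $path
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                # SHA-1 over the DER encoding: the value the Windows prompt displays.
                Thumbprint    = $_.Thumbprint
                NotBefore     = $_.NotBefore
                NotAfter      = $_.NotAfter
                IsCA          = [bool]($bc -and $bc.CertificateAuthority)
                SAN           = $(if ($san) { $san.Format($false) } else { '' })
                HasPrivateKey = $_.HasPrivateKey
            }
        }
    }
}

# Empty output means no matching certificate is installed in either store.
Get-LocalhostRootCert -StorePath $stores -SubjectParts $subjectParts | Format-List
```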

