The following warnings occurred:
Warning [2] Undefined property: MyLanguage::$archive_pages - Line: 2 - File: printthread.php(287) : eval()'d code PHP 8.1.2-1ubuntu2.14 (Linux)
File Line Function
/inc/class_error.php 153 errorHandler->error
/printthread.php(287) : eval()'d code 2 errorHandler->error_callback
/printthread.php 287 eval
/printthread.php 117 printthread_multipage



RouteConverter Forum
Tiles server in https only - Printable Version

+- RouteConverter Forum (https://forum.routeconverter.com)
+-- Forum: Users (https://forum.routeconverter.com/forum-17.html)
+--- Forum: English: Discussions (https://forum.routeconverter.com/forum-12.html)
+--- Thread: Tiles server in https only (/thread-2960.html)

Pages: 1 2


Tiles server in https only - tybern - 08.01.2020

Hello,

And first, Happy New Year !

Well... I have a new problem with a tiles server, which since a few days accepts only requests to "https" address now.
So, I have a userservers.xml file, which works fine previously, I changed "http" for "https" in URLs, but it don't works...

My question : is RC works with SSL/TLS only tiles servers ? And where to put certificates if needed ?

Best regards


RE: Tiles server in https only - routeconverter - 08.01.2020

(08.01.2020, 15:06)tybern Wrote: Well... I have a new problem with a tiles server, which since a few days accepts only requests to "https" address now.
So, I have a userservers.xml file, which works fine previously, I changed "http" for "https" in URLs, but it don't works...

Please give an example. In the past I had to change a lot of tile server protocols to https since they don't support http anymore and there are problems with redirects from http to https.

(08.01.2020, 15:06)tybern Wrote: My question : is RC works with SSL/TLS only tiles servers ?

Not that I'm aware of.

(08.01.2020, 15:06)tybern Wrote: And where to put certificates if needed ?

The CA root certificates should be part of the Java VM already.


RE: Tiles server in https only - tybern - 08.01.2020

(08.01.2020, 15:36)routeconverter Wrote: Please give an example. In the past I had to change a lot of tile server protocols to https since they don't support http anymore and there are problems with redirects from http to https.
 
So, here is one :

Code:
<mapServer id="IGN Topo" name="IGN Topo 25" minZoom="2" maxZoom="18">
    <host>wxs.ign.fr</host>
    <urlPattern>https://#{host}/choisirgeoportail/wmts?SERVICE=WMTS&amp;VERSION=1.0.0&amp;REQUEST=GetTile&amp;LAYER=GEOGRAPHICALGRIDSYSTEMS.MAPS&amp;STYLE=normal&amp;FORMAT=image/jpeg&amp;TILEMATRIXSET=PM&amp;TILEMATRIX=#{zoom}&amp;TILEROW=#{tiley}&amp;TILECOL=#{tilex}.jpg</urlPattern>
    <copyright>IGN</copyright>
</mapServer>

Any idea to solve the problem ?


RE: Tiles server in https only - routeconverter - 08.01.2020

(08.01.2020, 15:52)tybern Wrote: Any idea to solve the problem ?

Correct the URL pattern. Your example makes requests to

https://wxs.ign.fr/choisirgeoportail/wmts?SERVICE=WMTS&VERSION=1.0.0&REQUEST=GetTile&LAYER=GEOGRAPHICALGRIDSYSTEMS.MAPS&STYLE=normal&FORMAT=image/jpeg&TILEMATRIXSET=PM&TILEMATRIX=14&TILEROW=5290&TILECOL=8641.jpg

and the server there answers

Code:
<ExceptionReport xmlns="http://www.opengis.net/ows/1.1">
<Exception exceptionCode="Not Found"> Aucune donnée </Exception>
</ExceptionReport>



RE: Tiles server in https only - routeconverter - 08.01.2020

When I go to

https://www.geoportail.gouv.fr/carte

then the tiles are downloaded from

https://wxs.ign.fr/an7nvfzojv5wa96dsga5nk8w/geoportail/wmts?gp-ol-ext=3.0.5&layer=GEOGRAPHICALGRIDSYSTEMS.MAPS.OVERVIEW&style=normal&tilematrixset=PM&Service=WMTS&Request=GetTile&Version=1.0.0&Format=image%2Fjpeg&TileMatrix=3&TileCol=3&TileRow=2

And that an7nvfzojv5wa96dsga5nk8w seems to be a key. Looks like they took some measures that URLs cannot be calculated that easily...


RE: Tiles server in https only - tybern - 08.01.2020

"Correct the URL pattern. Your example makes requests to"

But it works beforer... excepts the "s" of https...

"And that an7nvfzojv5wa96dsga5nk8w"

It is the key for the Geoportail site.
The key "choisirgeoportail" I used is a test key, valid !

And I'm using two other apps which works fine with same access (MOBAC and Locus Map) : the problem is for me only with RC, and only since the tile server works only in https.


RE: Tiles server in https only - tybern - 09.01.2020

So, some tests :

Here is the xml code for this test :

Code:
<mapServer id="IGN Test" name="IGN Test" minZoom="2" maxZoom="18">
<urlPattern>http://wxs.ign.fr/choisirgeoportail/wmts?REQUEST=GetTile&amp;SERVICE=WMTS&amp;VERSION=1.0.0&amp;TILEMATRIXSET=PM&amp;LAYER=GEOGRAPHICALGRIDSYSTEMS.MAPS&amp;STYLE=normal&amp;FORMAT=image/jpeg&amp;TILECOL=#{tilex}&amp;TILEROW=#{tiley}&amp;TILEMATRIX=#{zoom}</urlPattern>
<copyright>IGN</copyright>
</mapServer>

And here is an IP analyzer (Wireshark) capture (request and response) :

Code:
GET /choisirgeoportail/wmts?REQUEST=GetTile&SERVICE=WMTS&VERSION=1.0.0&TILEMATRIXSET=PM&LAYER=GEOGRAPHICALGRIDSYSTEMS.MAPS&STYLE=normal&FORMAT=image/jpeg&TILECOL=4125&TILEROW=2821&TILEMATRIX=13 HTTP/1.1
User-Agent: RouteConverter Map Client/2.27
Host: wxs.ign.fr
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

HTTP/1.1 301 Moved Permanently
Content-length: 0
Location: https://wxs.ign.fr/choisirgeoportail/wmts?REQUEST=GetTile&SERVICE=WMTS&VERSION=1.0.0&TILEMATRIXSET=PM&LAYER=GEOGRAPHICALGRIDSYSTEMS.MAPS&STYLE=normal&FORMAT=image/jpeg&TILECOL=4125&TILEROW=2821&TILEMATRIX=13

The request is not satisfied, because done in "http", and an http-301 is returned. 
RC don't display anything.
If I enter the new location in my Web browser, it works.

If I replace "http" by "https" in the XML code, it don't works in RC.
But unable to log IP stream, it is cyphered now...

So, for me, it's a problem in RC and because of SSL only connection.

Best regards


RE: Tiles server in https only - tybern - 09.01.2020

Me again...

Here is a thread about this problem with IGN in MOBAC forum :

https://sourceforge.net/p/mobac/forum/general/thread/65095f84a4/#32da/84ba

The problem is that the root CA is not in the trust store of Java Run Time.
There is a workaround proposed in this thread, but don't know if it is transposable to RC, and if yes, how to proceed...

Best regards


RE: Tiles server in https only - tybern - 10.01.2020

My progress...

The root CA needed by IGN certificate is "Certigna", which is not present in Java JRE cacerts.

I've included the root CA certificate of Certigna in Java cacerts.

If I run RouteConverter for macOS, it don't works again...
BUT, if in run Linux version of RC under macOS (with java -jar RouteConverterLinux.jar), it works !

So, I supposed is it because the cacerts used by RouteConverterMacOpenSource.app is in app, not in /Library/... and yes, it is.

I imported the Certigna root CA certificate in the cacerts file included in the app, and...
 ... it works now !

So the conclusion : it is necessary and sufficient to import the Certigna root CA certificate in the trust store of the Java JRE.
For the macOS version, the trust store is included in app, so, I can do it only "manually", but I'm sure you can do it definitively for me ... !  Smile

Best regards


RE: Tiles server in https only - routeconverter - 11.01.2020

(10.01.2020, 22:01)tybern Wrote: If I run RouteConverter for macOS, it don't works again...
BUT, if in run Linux version of RC under macOS (with java -jar RouteConverterLinux.jar), it works !

Great!

(10.01.2020, 22:01)tybern Wrote: So, I supposed is it because the cacerts used by RouteConverterMacOpenSource.app is in app, not in /Library/... and yes, it is.

You're right. The old applauncher approach didn't work with macOS 10.14 and later, so I've switch to a new one based on jpackage which means the RouteConverterMacOpenSource.app contains a prerelease of JRE 14.

(10.01.2020, 22:01)tybern Wrote: I imported the Certigna root CA certificate in the cacerts file included in the app, and...
 ... it works now !

How do you do that? Could you provide all the necessary files and command lines?

(10.01.2020, 22:01)tybern Wrote: So the conclusion : it is necessary and sufficient to import the Certigna root CA certificate in the trust store of the Java JRE.
For the macOS version, the trust store is included in app, so, I can do it only "manually", but I'm sure you can do it definitively for me ... !  Smile

I'll try if you make it easy for me ;-)