Gutten Tag
I was testing some https tile servers configurations, watching the protocols with fiddler software. Fiddler is not perfect since it cannot decode the https transaction (this is why https is implemented
).
I was surprise to see that all requests are using HTTP protocol, although on port 443 and using SSL, when other apps (such as ITNconv) are using HTTPS instead.
I also realize that some of the https tile servers configured are not functioning in RC.
The following servers fail to display tiles in RC :
My recipe to install the certificate :
(change the file path according to your system)
I have :
Owner: CN=Certigna, O=Dhimyotis, C=FR
Owner: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
But still no success on both Linux and Windows.
I also add this certificates in the OS keystores... but to no avail.
There must be something else. Is there a DEBUG MODE for RC ? In order to have verbose log file and the like ?
Vielen Grüssen
Charly
PS : I'll be off for the next 4 days, be back on monday evening...
I was testing some https tile servers configurations, watching the protocols with fiddler software. Fiddler is not perfect since it cannot decode the https transaction (this is why https is implemented
). I was surprise to see that all requests are using HTTP protocol, although on port 443 and using SSL, when other apps (such as ITNconv) are using HTTPS instead.
I also realize that some of the https tile servers configured are not functioning in RC.
The following servers fail to display tiles in RC :
- HikeBikeMap :
Their SSL certificates is issued for wma.wmcloud.org and is used for tiles.wmcloud.org. This is not the same name, thus the problem.
- IGN :
according to the previous messages in this topic the certification authority is not declared in the Java CACERT library. I extracted the CA from my Firefox browser, put it in the standard Windows certificates store => no improvement.
Tried the same on a Linux machine (Mint/Ubuntu) : the Java CACERT is a symbolic link to the Linux CACERT, I added the Certigna CA as well => no improvement.
My recipe to install the certificate :
- extract the "Certigna Root CA" certificate CRT file from your browser.
- then run the following command (adapt the file path according to your system).
under Windows (use a command line window with admin priviledge) : I identified that RC used JRE1.8 (in C:\Program Files\Java\jre-1.8) with cacerts in lib\security\cacerts under the JRE main directory.
Code:Linux :
keytool -import -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -alias CertignaRootCA -file ./CertignaRootCA.crt
Windows :
C:\Program Files\Java\jre-1.8>bin\keytool.exe -import -keystore lib\security\cacerts -storepass changeit -alias CertignaRootCA -file C:\Downloads\CertignaRootCA.crt
Code:
echo 'changeit' | keytool -list -v -keystore /etc/ssl/certs/java/cacerts | grep 'Owner:'I have :
Owner: CN=Certigna, O=Dhimyotis, C=FR
Owner: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
But still no success on both Linux and Windows.
I also add this certificates in the OS keystores... but to no avail.
There must be something else. Is there a DEBUG MODE for RC ? In order to have verbose log file and the like ?
Vielen Grüssen
Charly
PS : I'll be off for the next 4 days, be back on monday evening...