Cannot download data (not up-to-date Java)

[emmanuel.sambale@…]

Using the latest JOSM today, I cannot download any data, error below:

2018-04-09 07:57:55.866 SEVERE: IO Exception - <html>Failed to upload data to or download data from<br>'https://api.openstreetmap.org/api/0.6/map?bbox=121.0780853,14.5131925,121.0837233,14.5162461'<br>due to a problem with transferring data.<br>Details (untranslated): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</html>

URL:https://josm.openstreetmap.de/svn/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2018-04-08 14:43:17 +0200 (Sun, 08 Apr 2018)
Build-Date:2018-04-09 01:32:11
Revision:13609
Relative:URL: ^/trunk

Identification: JOSM/1.5 (13609 en) Mac OS X 10.13.4
OS Build number: Mac OS X 10.13.4 (17E199)
Memory Usage: 653 MB / 1820 MB (441 MB allocated, but free)
Java version: 1.8.0_60-b27, Oracle Corporation, Java HotSpot(TM) 64-Bit Server VM
Screen: Display 69680256 1366x768
Maximum Screen Size: 1366x768
VM arguments: [-Djosm.pref=<josm.pref>/]

Plugins:
+ FastDraw (34109)
+ ImproveOsm (132)
+ Mapillary (v1.5.10)
+ OpenStreetCam (143)
+ alignways (34109)
+ apache-commons (34109)
+ apache-http (34109)
+ buildings_tools (34109)
+ changeset-viewer (14)
+ continuosDownload (68)
+ ejml (34126)
+ geojson (80)
+ geotools (34125)
+ imagery_offset_db (34109)
+ jogl (1.1.0)
+ jts (34038)
+ kendzi3d (1.0.200)
+ kendzi3d-resources (0.0.1)
+ log4j (34038)
+ measurement (34109)
+ opendata (34132)
+ photo_geotagging (34109)
+ reverter (34109)
+ tageditor (34109)
+ terracer (34109)
+ todo (30303)
+ tofix (1517601216)
+ turnlanes-tagging (263)
+ utilsplugin2 (34109)

Tagging presets:
+ https://josm.openstreetmap.de/josmfile?page=Presets/LaneAttributes&zip=1
+ https://josm.openstreetmap.de/josmfile?page=Presets/Quick-highways&zip=1
+ ${HOME}/Downloads/US.zip

Map paint styles:
- https://github.com/hotosm/HDM-JOSM-style/archive/master.zip
+ https://josm.openstreetmap.de/josmfile?page=Styles/LessObtrusiveNodes&zip=1
- https://raw.githubusercontent.com/Andygol/josm-styles/master/created_in_2015.mapcss
- ${HOME}/osm/version.mapcss
- https://josm.openstreetmap.de/josmfile?page=Styles/Sidewalks&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/Maxspeed&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/Lane_and_Road_Attributes&zip=1
- https://raw.githubusercontent.com/species/josm-preset-traffic_sign_direction/master/direction.mapcss
- https://josm.openstreetmap.de/josmfile?page=Styles/Lane_features&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/Lane_features_ryg&zip=1
+ https://josm.openstreetmap.de/josmfile?page=Styles/Coloured_buildings&zip=1
- https://josm.openstreetmap.de/josmfile?page=Styles/LayerChecker&zip=1
- ${HOME}/projects/git/sf_building_height_import/buildingheights.css
- https://raw.githubusercontent.com/bsrinivasa/sf_building_height_import/92202c388a37874a6a979e3b7df37ef865f340a1/buildingheights.css
- https://github.com/gmgeo/osmic-josm-style/archive/master.zip
- https://gist.githubusercontent.com/Rub21/97d9af6e3187d87a0b9bd7bfb1ab5ce2/raw/bbb0752ae97926766b319381ba525f31aea63be4/DisplayMissingDestination.mapcss
- https://github.com/osmlab/appledata/archive/josm_paint_inline_validation.zip

Validator rules:
- ${HOME}/Desktop/area.mapcss

Last errors/warnings:
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- E: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- E: org.openstreetmap.josm.io.OsmTransferException: Could not connect to the OSM server. Please check your internet connection.. Cause: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
- E: IO Exception - <html>Failed to upload data to or download data from<br>'https://api.openstreetmap.org/api/0.6/map?bbox=121.0780853,14.5131925,121.0837233,14.5162461'<br>due to a problem with transferring data.<br>Details (untranslated): sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</html>

[stoecker]

We dropped the Let's Encrypt certificate workaround. Please update to a recent version of Java.

[anonymous]

Nope. I updated to latest Java 8 update 161, I still get the same error. Using my previous working version (see details below) works.

URL:https://josm.openstreetmap.de/svn/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2018-04-02 23:20:00 +0200 (Mon, 02 Apr 2018)
Build-Date:2018-04-03 01:33:52
Revision:13595
Redirecting:to URL 'https://josm.openstreetmap.de/svn/trunk':
Relative:URL: ^/trunk

[stoecker]

Can you please provide a status report with current JOSM and current JAVA containing the error.

[anonymous]

I have it too since upgrading josm-latest. I also tried to put the CA certificates in the java CAstore, which doesn't really seem to work. I have it on api.openstreetmap.org url as well as on the tile links. Any call josm makes in https to osm resources throws that up now. in josm-latest

[Don-vip]

Simply update Java and make sure you're not using an old version. It's that simple. Oracle added the certificate in the JRE two years ago.

[glenn@…]

That doesn't work, you lot keep saying it but it's unverified solution, the certificates (on ubuntu atleast) are not getting updated. Java is also as updated as it can be on my workstation. What does work is this:

Go to ​https://letsencrypt.org/certificates/

Download the following root certificates :

• ISRG Root X1 (self-signed)
• Let’s Encrypt Authority X3 (IdenTrust cross-signed)
• Let’s Encrypt Authority X3 (Signed by ISRG Root X1)

Install these in the JAVA castore as root:

$ keytool -import -noprompt -trustcacerts -alias x1 -file x1.pem -keystore /etc/ssl/certs/java/cacerts -storepass changeit
$ keytool -import -noprompt -trustcacerts -alias isrg -file isrg.pem -keystore /etc/ssl/certs/java/cacerts -storepass changeit
$ keytool -import -noprompt -trustcacerts -alias x3iden -file x3iden.pem -keystore /etc/ssl/certs/java/cacerts -storepass changeit

restarting JOSM after modding josm-latest startup script (/usr/bin)

For me I had to adapt the java opts var:

JAVA_OPTS="-Djosm.restart=true -Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts 
                   -Djosm.home=$HOME/.josm-latest -Djava.net.useSystemProxies=true $JAVA_OPTS"

So I had to explicitely tell it to use the castore:

-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts

[stoecker]

On Linux Java uses the system certificate store (at least here on my system it does).

So if it does not work for you, please report with the status report as requested everywhere when submitting a bug report. This report was for a MacOS system with old Java.

[Don-vip]

It's verified on recent OS. What's your distribution? This is why we keep asking for proper status reports.