#18920 closed defect (fixed)
Spanish cadastre WMS now signed by FNMT-RCM (Fábrica Nacional de Moneda y Timbre - Real Casa de la Moneda)
| Reported by: | Owned by: | Don-vip | |
|---|---|---|---|
| Priority: | normal | Milestone: | 20.03 |
| Component: | Core imagery | Version: | |
| Keywords: | template_report spain | Cc: | Don-vip |
Description (last modified by )
What steps will reproduce the problem?
- in josm goto --> settings--> WMS/TMS
- activate Spanisches Cataster
What is the expected result?
JOSM should render the Cataster
What happens instead?
it shows me a red error warning :
javax.net.ssl.HandshakeException ; sun.security.validator.Validatorexception: PKIX path building failed:
Please provide any additional information below. Attach a screenshot if possible.
Please include this service again as backgroundpicture. May the webadress has change.
See also http://www.catastro.minhap.gob.es/webinspire/documentos/inspire-WMS.pdf
URL:https://josm.openstreetmap.de/svn/trunk Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b Last:Changed Date: 2020-02-26 10:50:27 +0100 (Wed, 26 Feb 2020) Build-Date:2020-02-26 09:52:41 Revision:15937 Relative:URL: ^/trunk Identification: JOSM/1.5 (15937 de) Windows 7 32-Bit OS Build number: Windows 7 Professional (7601) Memory Usage: 269 MB / 989 MB (84 MB allocated, but free) Java version: 1.8.0_241-b07, Oracle Corporation, Java HotSpot(TM) Client VM Screen: \Display0 1920x1080, \Display1 1920x1080 Maximum Screen Size: 1920x1080 Dataset consistency test: No problems found Plugins: + BuildingGeneralization (23) + DirectDownload (35248) + DirectUpload (35248) + HouseNumberTaggingTool (35248) + ImproveWay (29) + InfoMode (35248) + alignways (35248) + austriaaddresshelper (57) + colorscheme (35248) + continuosDownload (91) + dataimport (35248) + ejml (35122) + jaxb (35092) + log4j (35092) + namemanager (35248) + openvisible (35248) + pbf (35248) + turnrestrictions (35313) Map paint styles: + https://josm.openstreetmap.de/josmfile?page=Styles/Surface-DataEntry&zip=1 + https://josm.openstreetmap.de/josmfile?page=Styles/ShowID&zip=1 Last errors/warnings: - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target - W: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Ursache: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Attachments (3)
Change History (20)
by , 5 years ago
| Attachment: | WMSErrorSpain.jpg added |
|---|
comment:1 by , 5 years ago
| Component: | Core → Core imagery |
|---|---|
| Description: | modified (diff) |
| Summary: | wms service for catastro spain is not more available. Please include this service again as backgroundpicture. May the webadress has change .See also http://www.catastro.minhap.gob.es/webinspire/documentos/inspire-WMS.pdf → wms service for catastro spain is not more available. |
comment:2 by , 5 years ago
| Cc: | added |
|---|---|
| Milestone: | → 20.03 |
Server works. HTTPS is certified by AC RAIZ FNMT-RCM. That again seems to be a certificate instance of a state, in this case Spain. Accepted by everybody, except Java (again).
Windows/Android/Mozilla:
FNMT-RCM / AC RAIZ FNMT-RCM Fingerprint SHA256: ebc5570c29018c4d67b1aa127baf12f703b4611ebc17b7dab5573894179b93fa SHA1: EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 Pin SHA256: L8VmekuaJnjtasatJUZfy/YJS/zZUECXx6j6R63l6Ig= RSA 4096 bits (e 65537) / SHA256withRSA
Vincent. Please :-)
comment:3 by , 5 years ago
| Keywords: | spain added |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
comment:4 by , 5 years ago
| Description: | modified (diff) |
|---|
comment:6 by , 5 years ago
| Summary: | wms service for catastro spain is not more available. → Spanish cadastre WMS now signed by FNMT-RCM (Fábrica Nacional de Moneda y Timbre - Real Casa de la Moneda) |
|---|
comment:8 by , 5 years ago
A note to the SHA1- and SHA-256 duplicate cert issue. These are both the same cert. As the hash algorithm has no real importance for the self-signed root certificates the old SHA1 certificates have not been replaced/revoked when it has been decided to no longer use SHA1. They simply reissued the same cert with SHA256 so that SHA1 can silently die. Still using the SHA1 root cert has no negative consequences thought.
comment:9 by , 5 years ago
Hello at all programmers.
I try to use Build 16149 . My java is Java-version 1.8.0_241. But Build 16149 gives me still the same error : Fehler beim Herunterladen von Kacheln: javax.net.ssl.SSLHandShakeException:sun.security.validator.ValidatorException:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Please give me a hint, how to solve the problem. I am not a programmer, but have a good expirience at my pc..
comment:10 by , 5 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Hello at all programmers.
I try to use Build 16149 . My java is Java-version 1.8.0_241. But Build 16149 gives me still the same error : Fehler beim Herunterladen von Kacheln: javax.net.ssl.SSLHandShakeException:sun.security.validator.ValidatorException:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Please give me a hint, how to solve the problem. I am not a programmer, but have a good expirience at my pc..
comment:11 by , 5 years ago
@morgen1: this feature is strongly linked to your OS. please tell me if you're running Windows, macOS or Linux, and what exact version.
comment:13 by , 5 years ago
Ah, didn't notice it was the reporter speaking.
@morgen1: Please start JOSM in command line with --trace argument (java -jar josm-latest.jar --trace) and attach the console output.
Also please share a screenshot of the root certificates installed in Windows, see below for my system:
by , 5 years ago
| Attachment: | 18920_worksforme.png added |
|---|
comment:14 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
at first : josm-latest.jar runs fine at W10 Proffesional. Catastro Spain was loaded successfull. I found on the W10 machine using certmgr.msc 2 Certificates from AC RAIZ FNMT-RCM. This 2 certificates wars not installed at the Windows7 machine. Then I export/import this 2 certificates to my W7 32 bit PC. This export/import solved my problem. After this 2 certificates was installed at the W7 machine, JOSM-LATEST.JAR runs also fine with catastro spain. the certmngr.msc says by import, 'it can not confirmed, this certificate is original' (or analougus...). I have nevertheless it installed and catastro spain as background is loaded.
The reason for the error was the missing certificates. Thanks for your work and hints's
Regards morgen1
comment:15 by , 5 years ago
It's strange, you shouldn't have to do all these steps, JOSM would have done them for you. It probably doesn't work on Windows 7. But as the system is now in extended support, I guess we can live with that.
by , 5 years ago
| Attachment: | logfilejosm added |
|---|
Logfile , created befor the certificat was registred
follow-up: 17 comment:16 by , 5 years ago
for your investigation I have attached the logfile. The logfile was written by josm-latest.jar befor the certificate was manually installed.
comment:17 by , 5 years ago
Replying to morgen1 <webmaster@…>:
for your investigation I have attached the logfile. The logfile was written by josm-latest.jar befor the certificate was manually installed.
This is really strange:
2020-03-16 23:31:20.460 AM FEINSTEN: Ignoring null as SHA-256 signature does not match 2020-03-16 23:31:20.476 AM FEINSTEN: null 2020-03-16 23:31:20.773 AM FEINSTEN: Ignoring null as SHA-256 signature does not match 2020-03-16 23:31:20.773 AM FEINSTEN: null 2020-03-16 23:31:20.851 AM FEINSTEN: Ignoring null as SHA-256 signature does not match 2020-03-16 23:31:20.851 AM FEINSTEN: null 2020-03-16 23:31:21.007 AM FEINSTEN: Ignoring null as SHA-256 signature does not match 2020-03-16 23:31:21.007 AM FEINSTEN: null 2020-03-16 23:31:21.148 AM FEINSTEN: Ignoring null as SHA-256 signature does not match 2020-03-16 23:31:21.164 AM FEINSTEN: null 2020-03-16 23:31:21.304 AM FEINSTEN: Ignoring null as SHA-256 signature does not match 2020-03-16 23:31:21.304 AM FEINSTEN: null 2020-03-16 23:31:21.382 AM FEINSTEN: Ignoring null as SHA-256 signature does not match 2020-03-16 23:31:21.382 AM FEINSTEN: null 2020-03-16 23:31:21.554 AM FEINSTEN: Ignoring null as SHA-256 signature does not match 2020-03-16 23:31:21.554 AM FEINSTEN: null 2020-03-16 23:31:21.710 AM FEINSTEN: Ignoring null as SHA-256 signature does not match 2020-03-16 23:31:21.710 AM FEINSTEN: null
I'll try to reproduce on Windows 7
Screenshot