[jitsi-issues] [JIRA] Closed: (JITSI-944) StartCom certificate in cacerts file

ibauersachs (JIRA) jira-no-reply at java.net
Thu Aug 25 23:38:35 CEST 2011

     [ http://java.net/jira/browse/JITSI-944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ibauersachs closed JITSI-944.

      Assignee: ibauersachs
    Resolution: Won't Fix

We won't modify the original cacerts file of the JRE. Starting from commit r8859 / b3636 (currently baking) there's a new option to change the source of the Root CAs from Java's cacerts to the Windows certificate store (which includes a lot more CAs than Java):

Tools -> Options -> Advanced -> TLS Configuration -> Source of trusted root certificates: Set to Windows

> StartCom certificate in cacerts file
> ------------------------------------
>                 Key: JITSI-944
>                 URL: http://java.net/jira/browse/JITSI-944
>             Project: jitsi
>          Issue Type: New Feature
>          Components: deployment
>    Affects Versions: current
>         Environment: Windows, possibly others where the JRE runtime is included
>            Reporter: rajkosto
>            Assignee: ibauersachs
>            Priority: Minor
>         Attachments: cacerts
>   Original Estimate: 2 minutes
>  Remaining Estimate: 2 minutes
> Jitsi uses its own JRE runtime, which includes a trusted CA store, but that CA store doesn't include the StartCom CA, which is popular for xmpp servers, so every time I connect to my xmpp server I get a certificate warning. Adding the StartCom CA to the cacerts keystore in jre/lib/security fixed the problem, until Jitsi performed its daily autoupdate, trampling the file with the original again.
> Could you please include the StartCom certificate in the shipped CA store? (Firefox and other browsers include it, so it should be secure enough)
> It only takes a few minutes, like so:
> wget http://www.startssl.com/certs/ca.crt
> keytool -import -trustcacerts -alias startcom.ca -file ca.crt -keystore cacerts
> wget http://www.startssl.com/certs/sub.class1.server.ca.crt
> keytool -import -alias startcom.ca.sub -file sub.class1.server.ca.crt -keystore cacerts
> I've included the modified castore that includes the StartCom CA inside of it in the attachment

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://java.net/jira/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
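
The resolution above switches the source of trusted roots rather than editing the JRE's cacerts file. The following is an added example, not code from Jitsi or from this thread, showing what that choice looks like at the JSSE level. It assumes the JDK's SunMSCAPI provider (keystore type `Windows-ROOT`, Windows only); the class and method names are hypothetical.

```java
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustSourceDemo {

    /** Trust managers backed by the JRE default store (normally cacerts) or the Windows root store. */
    static TrustManager[] trustManagers(boolean useWindows) throws Exception {
        KeyStore roots = null; // null: TrustManagerFactory uses the JRE default trust store
        if (useWindows) {
            // "Windows-ROOT" comes from the SunMSCAPI provider and exists only on Windows JREs.
            roots = KeyStore.getInstance("Windows-ROOT");
            roots.load(null, null); // no file, no password: the OS store is read in place
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(roots);
        return tmf.getTrustManagers();
    }

    /** Number of root certificates the given trust managers accept as issuers. */
    static int countRoots(TrustManager[] tms) {
        int n = 0;
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                n += ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        boolean onWindows = System.getProperty("os.name").toLowerCase().startsWith("windows");
        TrustManager[] chosen = trustManagers(false);
        System.out.println("JRE default roots: " + countRoots(chosen));
        if (onWindows) {
            chosen = trustManagers(true);
            System.out.println("Windows-ROOT roots: " + countRoots(chosen));
        }
        // The choice is scoped to this SSLContext; jre/lib/security/cacerts is never
        // written, so an application or JRE update has nothing to overwrite.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, chosen, null);
        System.out.println("TLS context ready: " + ctx.getProtocol());
    }
}
```

On a non-Windows JRE only the default store is counted, since the `Windows-ROOT` keystore type is unavailable there.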