[jitsi-issues] [JIRA] Closed: (JITSI-944) StartCom certificate in cacerts file

ibauersachs (JIRA) jira-no-reply at java.net
Thu Aug 25 23:38:35 CEST 2011


     [ http://java.net/jira/browse/JITSI-944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ibauersachs closed JITSI-944.
-----------------------------

      Assignee: ibauersachs
    Resolution: Won't Fix

We won't modify the original cacerts file of the JRE. Starting from commit r8859 / b3636 (currently baking) there's a new option to change the source of the Root CAs from Java's cacerts to the Windows certificate store (which includes a lot more CAs than Java):

Tools -> Options -> Advanced -> TLS Configuration -> Source of trusted root certificates: Set to Windows

> StartCom certificate in cacerts file
> ------------------------------------
>
>                 Key: JITSI-944
>                 URL: http://java.net/jira/browse/JITSI-944
>             Project: jitsi
>          Issue Type: New Feature
>          Components: deployment
>    Affects Versions: current
>         Environment: Windows, possibly others where the JRE runtime is included
>            Reporter: rajkosto
>            Assignee: ibauersachs
>            Priority: Minor
>         Attachments: cacerts
>
>   Original Estimate: 2 minutes
>  Remaining Estimate: 2 minutes
>
> Jitsi uses it's own JRE runtime, which includes a trusted CA store, but that CA store doesn't include the StartCom CA, which is popular for xmpp servers, so every time i connect to my xmpp server i get a certificate warning. Adding the StartCom CA to the cacerts keystore in jre/lib/security fixed the problem, untill Jitsi performed it's daily autoupdate, trampling the file with the original again.
> Could you please include StartCom certificate into the shipped CA store ? (Firefox and other browsers include it, so it should be secure enough)
> It only takes a few minutes, like so:
> wget http://www.startssl.com/certs/ca.crt
> keytool -import -trustcacerts -alias startcom.ca -file ca.crt -keystore cacerts
> wget http://www.startssl.com/certs/sub.class1.server.ca.crt
> keytool -import -alias startcom.ca.sub -file sub.class1.server.ca.crt -keystore cacerts
> I've included the modified castore that includes the StartCom CA inside of it in the attachment

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://java.net/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        




More information about the issues mailing list