Could it be a ca-cert.org so there's some kind of authority that people might have a root cert already installed for? On Jul 7, 2014 6:37 AM, "Dirk Stöcker" <openstreet...@dstoecker.de> wrote:
> On Sun, 6 Jul 2014, Maarten Deen wrote: > > I opened JOSM (webstart) and it came with a question to install a >> certification authority for localhost with a sha1 thumbprint >> I have no knowledge of having generated a sha1 thumbprint on my windows >> computer, so I am interested to know how JOSM can ask this. >> I also don't know why JOSM needs this. Is this something from JOSM or has >> some worm crawled in? (yes, this was the first thing that entered my mind). >> > > Due to the browser restrictions of today any request to the remote control > of JOSM needs to be HTTPS as well when used from a HTTPS page. For a HTTPS > server functionality we need a certificate. The request you talk about > tries to copy that certificate to the JAVA keystore, so it can be used. The > browser still should ask you about it (at least for first connection), as > it is a self-signed cert. > > We are aware of the fact, that using an open-source certificate is > snake-oil, but it is required to get it work at all. > > Lets make it clear that, not having created this thumbprint myself, I can >> not verify this thumbprint and that this seems a very strange way of >> operating. >> > > If you have a better solution, feel free to fix it. > > Ciao > -- > http://www.dstoecker.eu/ (PGP key available) > > _______________________________________________ > josm-dev mailing list > josm-dev@openstreetmap.org > https://lists.openstreetmap.org/listinfo/josm-dev > _______________________________________________ josm-dev mailing list josm-dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/josm-dev
