Hi,
In the meantime I have activated the HTTPS connection for the eBlocker and installed the certificate in Firefox, and everything works 🙂
But how can I allow other applications on the desktop to access https? In my case the download of the film list in MediathekView (Java application, https://mediathekview.de/) does not work anymore. When I pause the eblocker everything works. Unfortunately MediathekView does not know how to import certificates.
What is the best way to proceed here?
My system: Manjaro Linux, KDE, OpenJDK (14.0.2), White eBlocker updated to 2.5.6
Thanks a lot,
Julius
Hi Julius,
you have HTTPS enabled and have the CA certificate in Firefox's certificate store.
So Firefox can handle the connection to eBlocker.
Now let's turn to your application "MediathekView". This is a Java application, and it
knows nothing about your eBlocker certificate. If it makes an HTTPS connection, you will get an error, but you see nothing. 🤨
One way: add all URLs from the Mediathek to Trusted Websites, ... 🙂
Is that a workaround? How many!?
Does someone have another idea?
I will think about it and test this application; give me a few days...
regards
PIO78
Now let's turn to your application "MediathekView". This is a Java application, and it
knows nothing about your eBlocker certificate. If it makes an HTTPS connection, you will get an error, but you see nothing. 🤨
One way: add all URLs from the Mediathek to Trusted Websites, ... 🙂
Is that a workaround? How many!?
That might be a solution -- but unfortunately I do not know the list of URLs. As MediathekView connects to a bunch of online services (ARD, ZDF, ORF, all 3rd channels in Germany,...) this list is maybe not small and it might change over time as well...
It should be as easy as in Firefox
Just click on start and type "java control panel" and start it.
See the attached screenshot.
There you click on Security -> Manage Certificates -> CA for secure sites and add the eBlocker certificate.
I will try to verify this also
Ignore this... I try to deep dive into it... had similar issues at a customer, but here, adding the certificate doesn't help.
regards
Sven
Here you can find something regarding the java keystore
https://wiki.rz.fh-schmalkalden.de/zertifikate -> search for "Zertifikate installieren für Java" at the very end of the site.
regards
Sven
Solution found
I use the portable Mediathekview and placed it in c:\Tools\MediathekView
C:\>C:\Tools\MediathekView\jre\bin\keytool.exe -import -trustcacerts -alias eBlocker -file c:\tools\MediathekView\eBlocker-Certificate-RaspBerryPi4-2020-10-14.crt -keystore C:\Tools\MediathekView\jre\lib\security\cacerts
Warnung: Verwenden Sie die Option -cacerts für den Zugriff auf den cacerts Keystore
Keystore-Kennwort eingeben: changeit <-- this is default
Eigentümer: CN=eBlocker - RaspBerryPi-4-eBlocker-2_fresh - 2020/10/14
Aussteller: CN=eBlocker - RaspBerryPi-4-eBlocker-2_fresh - 2020/10/14
Seriennummer: 44b62181acb64e2c9e63cc09d7250a48
Gültig von: Wed Oct 14 17:42:30 CEST 2020 bis: Sat Oct 14 17:42:30 CEST 2023
Zertifikatsfingerprints:
SHA1: 4A:48:9A:75:E0:A8:B4:22:C3:6D:55:DD:1E:86:16:FB:E0:AB:54:11
SHA256: CF:28:A9:5A:93:94:2E:13:8C:81:82:77:BD:90:E9:92:8F:4E:9F:2A:DB:52:47:14:82:3B:9A:3E:E6:2C:AD:47
Signaturalgorithmusname: SHA256withRSA
Public Key-Algorithmus von Subject: 2048-Bit-RSA-Schlüssel
Version: 3
Erweiterungen:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 91 C1 95 18 83 A1 4F 89 3D 04 49 0D 61 C0 8F B8 ......O.=.I.a...
0010: E1 F7 14 12 ....
]
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:1
]
#3: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 91 C1 95 18 83 A1 4F 89 3D 04 49 0D 61 C0 8F B8 ......O.=.I.a...
0010: E1 F7 14 12 ....
]
]
Diesem Zertifikat vertrauen? [Nein]: ja
Zertifikat wurde Keystore hinzugefügt
When asked for a password -> changeit
when asked for trust certificate -> yes
Now the MediathekView is downloading and working :)
Regards
Sven
This process has to be done for any new Java version, whenever the cacerts file referenced by the keystore option changes, and for every program which uses its own cacerts file!
When a program is using the installed Java version, you need to do that for the locally installed Java runtime.
Example for running in an admin DOS box for the newest Java 1.8 runtime (x86):
"C:\Program Files (x86)\Java\jre1.8.0_271\bin\keytool.exe" -import -trustcacerts -alias eBlocker -file c:\Tools\eBlocker-Certificate-RaspBerryPi4-2020-10-14.crt -keystore "C:\Program Files (x86)\Java\jre1.8.0_271\lib\security\cacerts"
@calimero Well done! Great support! 😎 🤩 😎
BTW (for readers using Windows): On Win10 I use MediathekView without any problem. There it simply seems to use eBlocker's certificate that's installed in the Windows certificate storage.
Thanks 🙂
Can you tell me which Mediathek version you use and which Java Version?
I am also using Win10 and for both (installed and portable) I needed to start the keytool
regards
Sven
@calimero Well done! Great support! 😎 🤩 😎
Indeed, you rock! Thank you for your help!
For the record and documentation, for usage with Manjaro Linux (being logged in as root in a terminal):
- Check the Java version you are running and maybe define a new default
archlinux-java status
archlinux-java set VERSION
- Search the keystore for your (default) Java version(s) and import the eBlocker key, in my case
keytool -import -trustcacerts -alias eBlocker -file /home/[...]/eBlocker-Certificate-My_eBlocker-2019-09-20.crt -keystore /usr/lib64/jvm/java-14-openjdk/lib/security/cacerts
If you are asked for a keystore password, try "changeit"
- Enjoy HTTPS requests handled by eBlocker for all Java apps using the specified Java version/installation
Again - thank you for your help 🙂
Links to read a bit more about it
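Sven's point above, that the import has to be repeated for every Java installation and for every program shipping its own cacerts file, as an added shell example (not code from anyone in this thread): it finds each cacerts store below the directories you pass, skips stores that already hold the alias, and imports only when the certificate's SHA-256 fingerprint matches the value you expect. The function names, the search roots and the separately obtained fingerprint are assumptions.

```shell
#!/bin/sh
# Added example: import the eBlocker CA into every Java trust store found.
# Assumptions: function names, search roots and the out-of-band fingerprint.
ALIAS="eBlocker"
STOREPASS="changeit"   # default cacerts password, as noted in the thread

# Print every JRE trust store (.../lib/security/cacerts) below the given roots.
find_cacerts() {
    find "$@" ! -type d -path '*/lib/security/cacerts' 2>/dev/null | sort
}

# Reduce "CF:28:..." or "cf28..." to bare lowercase hex for comparison.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of a certificate file as reported by keytool -printcert.
cert_fp() {
    keytool -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA-*256:[[:space:]]*//p' | head -n 1
}

# Succeeds when the alias already exists in the given keystore.
has_alias() {
    keytool -list -keystore "$1" -storepass "$STOREPASS" -alias "$ALIAS" \
        >/dev/null 2>&1
}

# Usage: import_all CERT EXPECTED_SHA256 ROOT...
# Refuses to touch any store unless CERT matches the expected fingerprint.
import_all() {
    cert=$1; expected=$(normalize_fp "$2"); shift 2
    actual=$(normalize_fp "$(cert_fp "$cert")")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch, not importing $cert" >&2
        return 1
    fi
    find_cacerts "$@" | while IFS= read -r store; do
        if has_alias "$store"; then
            echo "present  $store"
        else
            keytool -import -trustcacerts -noprompt -alias "$ALIAS" -file "$cert" \
                -keystore "$store" -storepass "$STOREPASS" && echo "imported $store"
        fi
    done
}

# Example: sh eblocker-ca.sh --apply eBlocker.crt "CF:28:..." /usr/lib/jvm
if [ "${1:-}" = "--apply" ]; then shift; import_all "$@"; fi
```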