Icloud binding - General SSLEngine problem

Added the Apple cert to the Java cert store already.
As stated further before:

SSLPoke of icloud.com is just fine:

pi@openhab:~ $ java SSLPoke icloud.com 443
Successfully connected

If something is wrong with the certificates in the Java environment, that SSLPoke to icloud.com should fail in the same way as for:

“SSLpoking” fmipmobile.icloud.com:


pi@openhab:~ $ java SSLPoke fmipmobile.icloud.com 443
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
	at sun.security.validator.Validator.validate(Validator.java:262)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)
	at SSLPoke.main(SSLPoke.java:31)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
	... 15 more
pi@openhab:~ $

I added the cert to my keystore too, at the moment I checked the URL with a browser and thought it might be a fault on Apple's side.

If the keystore for openhabian is right at “var/lib/openhab2/etc/keystore” it should be imported.

But the exception stays.


echo -n | openssl s_client -connect fmipmobile.icloud.com:443 -prexit 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/icloud2.crt


sudo keytool -importcert -file /tmp/icloud2.crt -alias icloudfmi -keystore /var/lib/openhab2/etc/keystore -storepass openhab

For the ones who want to try and fail as well, but it could be a start for @martinvw

tcpdump:

rename the file to *.pcap
cert_failure.pdf (6.4 KB)

Same issue here, no change at my end just started around two days ago.

Should be inserted in the Java cacert store, but it still does not do the trick:

sudo $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -alias icloud2-Root-CA -file /tmp/icloud2.crt 

Hi all,

no details, as I am writing using the phone - but I was able to get it working again by importing both certificates … will post a how to from my computer tomorrow …

regards,
Patrik

Indeed, that is similar to what I read in other places: somehow the whole chain is needed in most cases.

I started using the way described by @apfelflo89. It looks good, but the trouble is that there are multiple hosts behind the single IP, so a servername param has to be passed; then it's easier. I first got the *.icloud.com certificate from the openssl command, which was not the one we actually got when running.

echo -n | openssl s_client -servername fmipmobile.icloud.com -host fmipmobile.icloud.com -port 443 -prexit -showcerts 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/icloud2.crt
cd /tmp

csplit -f cert /tmp/icloud2.crt '/^-----BEGIN CERTIFICATE-----/' {*}

# back to the Java dir, in my case /usr/lib/java-8
bin/keytool -importcert -file /tmp/cert01 -alias icloudfmi1 -trustcacerts -keystore ./jre/lib/security/cacerts -storepass changeit
bin/keytool -importcert -file /tmp/cert02 -alias icloudfmi2 -trustcacerts -keystore ./jre/lib/security/cacerts -storepass changeit

My account is now online, and after forcing a refresh by updating my accounts my devices came online as well. Thanks for the fragments of tips and tricks and good luck solving it locally.

8 Likes

Thanks for the summary martinvw, worked great for me!

Thanks for the tutorial @martinvw

I'm back online too, thanks for looking into it!

Did you find information about how long the certificate will be valid?

Great work! Any ideas on how to achieve this on a windows installation of openHAB?

What is the right DIR for openhabian?
What is the solution for openhabian users?

THX

Stefan

The dir is:
/usr/lib/jvm/zulu-embedded-8-armhf
The rest is the same. I only had to reboot.

On a fedora 27 server java is at /usr/java/jre1.8.0_152/
under that the certs are at ./lib/security/cacerts
A restart of openhab and relinking of the iCloud things.

Thanks for the hints.

Didn't work for me - I'm guessing I was in the wrong folder (I tried /usr/lib/jvm/java-8-oracle). Am on Ubuntu 16.04

MANY THX, this DIR I also found, but I was not sure.

What I do step by step “for openhabian Users”:

connect via SSH to openhabian

echo -n | openssl s_client -servername fmipmobile.icloud.com -host fmipmobile.icloud.com -port 443 -prexit -showcerts 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/icloud2.crt
cd /tmp
csplit -f cert /tmp/icloud2.crt '/^-----BEGIN CERTIFICATE-----/' {*}
sudo su
cd /usr/lib/jvm/zulu-embedded-8-armhf
bin/keytool -importcert -file /tmp/cert01 -alias icloudfmi1 -trustcacerts -keystore ./jre/lib/security/cacerts -storepass changeit

Trust the certificates with y

bin/keytool -importcert -file /tmp/cert02 -alias icloudfmi2 -trustcacerts -keystore ./jre/lib/security/cacerts -storepass changeit

Trust the certificates with y

systemctl stop openhab2

OPTIONAL

rm -r /var/lib/openhab2/cache/*
rm -r /var/lib/openhab2/tmp/*
reboot
13 Likes
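
The fetch, split and import procedure above trusts whatever the two files contain once `y` is typed. As an added example (not part of any post in this thread), this script splits the saved bundle with awk and prints each certificate's subject, issuer, expiry and SHA-256 fingerprint for review before import. The function names are hypothetical, and /tmp/icloud2.crt is the bundle path used in the thread.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.
# Usage: ./review_bundle.sh /tmp/icloud2.crt

# split_pem_bundle BUNDLE OUTDIR
# Writes OUTDIR/cert01.pem, cert02.pem, ... in the order the server sent
# them (leaf first) and prints the number of certificates found. Lines
# outside BEGIN/END markers (s_client chatter) are ignored.
split_pem_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ {
            n++; out = sprintf("%s/cert%02d.pem", dir, n); inside = 1
        }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# describe_cert FILE: who the certificate is for, who signed it, when it
# expires, and the fingerprint to compare against an independent source.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# review_bundle BUNDLE: split, then describe every certificate and flag
# leaf certificates and ones that expire within 30 days.
review_bundle() {
    rb_dir=$(mktemp -d) || return 1
    rb_count=$(split_pem_bundle "$1" "$rb_dir") || return 1
    echo "certificates in bundle: $rb_count (files in $rb_dir)"
    for rb_file in "$rb_dir"/cert*.pem; do
        [ -e "$rb_file" ] || continue
        echo "== $rb_file"
        describe_cert "$rb_file" || continue
        if openssl x509 -in "$rb_file" -noout -text | grep -q 'CA:TRUE'; then
            echo "role: CA certificate"
        else
            echo "role: server (leaf) certificate, replaced when the server renews it"
        fi
        # -checkend N exits non-zero if the certificate expires within N seconds
        openssl x509 -in "$rb_file" -noout -checkend $((30 * 24 * 3600)) >/dev/null ||
            echo "WARNING: expires within 30 days"
    done
}

if [ "$#" -ge 1 ]; then review_bundle "$1"; fi
```

Compare the printed fingerprints with the certificate a browser shows for the same host before answering `y` to keytool.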

worked for me as well:

pi@openhab:~ $ echo -n | openssl s_client -servername fmipmobile.icloud.com -host fmipmobile.icloud.com -port 443 -prexit -showcerts 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/icloud2.crt
pi@openhab:~ $ more /tmp/icloud2.crt 
pi@openhab:~ $ csplit -f cert /tmp/icloud2.crt '/^-----BEGIN CERTIFICATE-----/' {*}

pi@openhab: sudo $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -alias fmip-icloud1-Root-CA -file cert01 

pi@openhab: sudo $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -alias fmip-icloud2-Root-CA -file cert02 

Trust both the certificates with y

pi@openhab:~ $ sudo systemctl stop openhab2.service
pi@openhab:~ $ sudo systemctl start openhab2.service

to restart openhab - removing the cache and tmp was not required.

I tried the tutorial above and that did work for my wife's account. On my account I have the following fault: Server returned HTTP response code: 401 for URL: https://fmipmobile.icloud.com/fmipservice/device/(My email)/initClient. And before it did work… any ideas?

Problem found. Had to change my psw.

Hi Alex et al.,

Here is a way to achieve this on a Windows system using a GUI tool instead of the command line. I was able to conveniently add the new certificates using the KeyStore Explorer open source tool.

  1. Install KeyStore Explorer and start it as admin.
  2. Select “Open the CA Certificates KeyStore”.
  3. In the “Examine” menu you can select the option to examine SSL.
  4. Enter “fmipmobile.icloud.com” as server to be examined. After a click to “OK” you should see the certificate tree (two certificates).
  5. Select each of the certificates in the tree and click “Import”.
  6. After you have imported both certificates you need to save the changes.

After a restart of openHAB the connection should work again.

with kind regards,
Patrik

1 Like