marcofalcioni · December 13, 2020 20:36
diff --git a/gistfile1.txt b/gistfile1.txt
 # I will use the Arduino application as an example, as I encountered this error while doing some projects at home.
 # I think that this method will work with most Java based apps, but YMMV
 # I assume you have access to a Unix terminal and basic knowledge of how to use it.

 # Step 1: get the certificates from the website you have trouble with

 openssl s_client -showcerts -verify 5 -connect downloads.arduino.cc:443 < /dev/null

 # This will output a verbose list of a series of certificates (a chain), which is used to establish trust.
 # Each certificate starts with a BEGIN CERTIFICATE line and ends with an END CERTIFICATE line. These are part of the certificate.
 # Create a file for each certificate, and name it something reasonable.  I created three text files called
 # cisco_root.crt, cisco_primary.crt and cisco_secondary.crt with the output from the openssl command.

 # Step 2: find the cacert file for the Java runtime bundled with you application.  Usually this is part of the application bundle
 # installed in the /Applications folder.  E.g.:
 # /Applications/Arduino.app/Contents/PlugIns/jre8u252-b09.jre/Contents/Home/lib/security

 # create a backup of the cacert file

 cp cacert cacert.bak

 # Step 3: add the certificates using the keytool

 # the cacert default password is: changeit
 # all lowercase

 keytool -import -trustcacerts -alias cisco_root -file ~/Documents/CiscoCrt/cisco_umbrella_root.crt -keystore cacerts
 keytool -import -trustcacerts -alias cisco_primary -file ~/Documents/CiscoCrt/cisco_umbrella_primary.crt -keystore cacerts
 keytool -import -trustcacerts -alias cisco_secondary -file ~/Documents/CiscoCrt/cisco_umbrella_secondary.crt -keystore cacerts

 # Step 4: Restart the arduino app, and you should now be able to load the library file!
	# I will use the Arduino application as an example, as I encountered this error while doing some projects at home.
	# I think that this method will work with most Java based apps, but YMMV
	# I assume you have access to a Unix terminal and basic knowledge of how to use it.

	# Step 1: get the certificates from the website you have trouble with

	openssl s_client -showcerts -verify 5 -connect downloads.arduino.cc:443 < /dev/null

	# This will output a verbose list of a series of certificates (a chain), which is used to establish trust.
	# Each certificate starts with a BEGIN CERTIFICATE line and ends with an END CERTIFICATE line. These are part of the certificate.
	# Create a file for each certificate, and name it something reasonable. I created three text files called
	# cisco_root.crt, cisco_primary.crt and cisco_secondary.crt with the output from the openssl command.

	# Step 2: find the cacert file for the Java runtime bundled with you application. Usually this is part of the application bundle
	# installed in the /Applications folder. E.g.:
	# /Applications/Arduino.app/Contents/PlugIns/jre8u252-b09.jre/Contents/Home/lib/security

	# create a backup of the cacert file

	cp cacert cacert.bak

	# Step 3: add the certificates using the keytool

	# the cacert default password is: changeit
	# all lowercase

	keytool -import -trustcacerts -alias cisco_root -file ~/Documents/CiscoCrt/cisco_umbrella_root.crt -keystore cacerts
	keytool -import -trustcacerts -alias cisco_primary -file ~/Documents/CiscoCrt/cisco_umbrella_primary.crt -keystore cacerts
	keytool -import -trustcacerts -alias cisco_secondary -file ~/Documents/CiscoCrt/cisco_umbrella_secondary.crt -keystore cacerts

	# Step 4: Restart the arduino app, and you should now be able to load the library file!