Unable to import Root CA certificate for Dynamic SSL Certificates


Bill

Mar 12, 2019, 10:38:43 PM
to OWASP ZAP User Group
ZAP Version: 2.7.0 (installed from Linux package)
OS: Ubuntu 18.04.2 LTS
Java:   openjdk version "10.0.2" 2018-07-17
OpenJDK Runtime Environment (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.4)
OpenJDK 64-Bit Server VM (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.4, mixed mode)


I am attempting to import the Root CA that my company uses on our production proxies for transparent SSL decryption. The certificate is stored in a pem file with the unencrypted private key in the format outlined in the user guide entry for Dynamic SSL Certificates. I have used this certificate with MITMProxy before and it works. I have tried this with an alternative CA that I have confirmed works and it yields the same result.

Steps to recreate the issue:
  1. Open the Options menu and select the menu entry for "Dynamic SSL Certificates."
  2. Click import and confirm "Yes" to overwrite existing certificate.
  3. Navigate to the directory containing the certificate, select the certificate file and click "Open."
  4. No warnings or alerts are presented by the GUI, but the certificate is not imported.
  5. The following exception is logged in the terminal:
29518 [AWT-EventQueue-0] INFO org.zaproxy.zap.extension.dynssl.DynamicSSLPanel  - Loading Root CA certificate from /path/to/certificate.pem
29560 [AWT-EventQueue-0] ERROR org.zaproxy.zap.ZAP$UncaughtExceptionLogger  - Exception in thread "AWT-EventQueue-0"
java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter
at org.zaproxy.zap.extension.dynssl.SslCertificateUtils.parseDERFromPEM(SslCertificateUtils.java:280)
at org.zaproxy.zap.extension.dynssl.SslCertificateUtils.extractCertificate(SslCertificateUtils.java:231)
at org.zaproxy.zap.extension.dynssl.DynamicSSLPanel.convertPemFileToKeyStore(DynamicSSLPanel.java:344)
at org.zaproxy.zap.extension.dynssl.DynamicSSLPanel.doImport(DynamicSSLPanel.java:301)
at org.zaproxy.zap.extension.dynssl.DynamicSSLPanel.access$500(DynamicSSLPanel.java:63)
at org.zaproxy.zap.extension.dynssl.DynamicSSLPanel$5.actionPerformed(DynamicSSLPanel.java:157)
at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1967)
at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2308)
at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
at java.desktop/javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:270)
at java.desktop/java.awt.Component.processMouseEvent(Component.java:6589)
at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342)
at java.desktop/java.awt.Component.processEvent(Component.java:6354)
at java.desktop/java.awt.Container.processEvent(Container.java:2261)
at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:4966)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2319)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4798)
at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4914)
at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4543)
at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4484)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2305)
at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4798)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772)
at java.desktop/java.awt.EventQueue.access$600(EventQueue.java:97)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:87)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745)
at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:87)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:117)
at java.desktop/java.awt.WaitDispatchSupport$2.run(WaitDispatchSupport.java:190)
at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:235)
at java.desktop/java.awt.WaitDispatchSupport$4.run(WaitDispatchSupport.java:233)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.desktop/java.awt.WaitDispatchSupport.enter(WaitDispatchSupport.java:233)
at java.desktop/java.awt.Dialog.show(Dialog.java:1070)
at java.desktop/java.awt.Component.show(Component.java:1674)
at java.desktop/java.awt.Component.setVisible(Component.java:1621)
at java.desktop/java.awt.Window.setVisible(Window.java:1031)
at java.desktop/java.awt.Dialog.setVisible(Dialog.java:1005)
at org.parosproxy.paros.extension.AbstractDialog.setVisible(AbstractDialog.java:139)
at org.parosproxy.paros.view.AbstractParamDialog.showDialog(AbstractParamDialog.java:361)
at org.parosproxy.paros.control.MenuToolsControl.options(MenuToolsControl.java:71)
at org.parosproxy.paros.control.MenuToolsControl.options(MenuToolsControl.java:63)
at org.parosproxy.paros.view.MainMenuBar$3.actionPerformed(MainMenuBar.java:232)
at java.desktop/javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1967)
at java.desktop/javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2308)
at java.desktop/javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:405)
at java.desktop/javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:262)
at java.desktop/javax.swing.AbstractButton.doClick(AbstractButton.java:369)
at java.desktop/javax.swing.plaf.basic.BasicMenuItemUI.doClick(BasicMenuItemUI.java:980)
at java.desktop/javax.swing.plaf.basic.BasicMenuItemUI$Handler.mouseReleased(BasicMenuItemUI.java:1024)
at java.desktop/java.awt.Component.processMouseEvent(Component.java:6589)
at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3342)
at java.desktop/java.awt.Component.processEvent(Component.java:6354)
at java.desktop/java.awt.Container.processEvent(Container.java:2261)
at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:4966)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2319)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4798)
at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4914)
at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4543)
at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4484)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2305)
at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2772)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4798)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:772)
at java.desktop/java.awt.EventQueue.access$600(EventQueue.java:97)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:87)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:745)
at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:743)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:87)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:742)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)
Caused by: java.lang.ClassNotFoundException: javax.xml.bind.DatatypeConverter
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:583)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:190)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:499)
... 92 more

thc...@gmail.com

Mar 13, 2019, 3:17:30 PM
to zaprox...@googlegroups.com
Hi.

(For the record, I guess you are the author of the issue?)

This is fixed in the weekly releases; this happens with newer Java
versions (9+). You can either use the weekly release or use Java 8 with
2.7.0.

Best regards.

On 13/03/2019 02:38, Bill wrote:
> ZAP Version: 2.7.0 (installed from Linux package)
> OS: Ubuntu 18.04.2 LTS
> Java: openjdk version "10.0.2" 2018-07-17
>
> OpenJDK Runtime Environment (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.4)
> OpenJDK 64-Bit Server VM (build 10.0.2+13-Ubuntu-1ubuntu0.18.04.4, mixed
> mode)
>
>
>
> I am attempting to import the Root CA that my company uses on our
> production proxies for transparent SSL decryption. The certificate is
> stored in a pem file with the unencrypted private key in the format outlined
> in the user guide entry for Dynamic SSL Certificates. I have used this
> certificate with MITMProxy before and it works. I have tried this with an
> alternative CA that I have confirmed works and it yields the same result.
>
> Steps to recreate the issue:
>
> 1. Open the Options menu and select the menu entry for "Dynamic SSL
> Certificates."
> 2. Click import and confirm "Yes" to overwrite existing certificate.
> 3. Navigate to the directory containing the certificate, select the
> certificate file and click "Open."
> 4. No warnings or alerts are presented by the GUI, but the certificate
> is not imported.
> 5. The following exception is logged in the terminal:
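
The trace in this thread fails inside parseDERFromPEM because javax.xml.bind.DatatypeConverter cannot be loaded. The sketch below is an added example, not ZAP's code or its fix: it does the PEM-to-DER step with java.util.Base64 (part of the JDK since Java 8) and reports whether the JAXB class is loadable on the running JVM. The class name PemBlocks, the helper names and the block labels CERTIFICATE and PRIVATE KEY are assumptions, and the sample PEM is constructed.

```java
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PemBlocks {
    // One PEM block: -----BEGIN <label>----- base64 body -----END <same label>-----
    private static final Pattern BLOCK = Pattern.compile(
            "-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \\1-----", Pattern.DOTALL);

    /** Returns the DER bytes of every block in pem whose label equals the given label. */
    static List<byte[]> derBlocks(String pem, String label) {
        List<byte[]> out = new ArrayList<>();
        Matcher m = BLOCK.matcher(pem);
        while (m.find()) {
            if (m.group(1).equals(label)) {
                // The MIME decoder skips the line breaks inside the body, so a
                // wrapped and an unwrapped body decode to the same bytes.
                out.add(Base64.getMimeDecoder().decode(m.group(2)));
            }
        }
        return out;
    }

    /** True if the JAXB class named in the stack trace can be loaded by this runtime. */
    static boolean jaxbConverterPresent() {
        try {
            Class.forName("javax.xml.bind.DatatypeConverter");
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample, not a real certificate or key: each body is the
        // 5-byte DER value 30 03 02 01 05 (a SEQUENCE holding INTEGER 5).
        String pem = "-----BEGIN CERTIFICATE-----\nMAMC\nAQU=\n-----END CERTIFICATE-----\n"
                + "-----BEGIN PRIVATE KEY-----\nMAMCAQU=\n-----END PRIVATE KEY-----\n";
        System.out.println("javax.xml.bind.DatatypeConverter loadable: " + jaxbConverterPresent());
        System.out.println("certificate blocks: " + derBlocks(pem, "CERTIFICATE").size());
        System.out.println("private key blocks: " + derBlocks(pem, "PRIVATE KEY").size());
        System.out.println("first certificate DER length: "
                + derBlocks(pem, "CERTIFICATE").get(0).length);
    }
}
```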