
I was trying to geocode addresses via Nominatim, using the OpenRefine function “fetch from URL”, but I got empty strings. I re-ran it, checking “store error box”, and I got the problem: the certificate was not recognized or missing. A little confusion: why did the browser happily download geocoding responses, while OR didn’t?

OR relies on Java functions to do the job, so I had to fix the certificate issue in the following way:

  • get certificate:
    $ openssl x509 -in <(openssl s_client -connect nominatim.openstreetmap.org:443 -prexit 2>/dev/null) -out /tmp/nominatim.crt

  • store it:
    $ keytool -import -file /tmp/nominatim.crt -keystore cacerts -storepass changeit

  • If keytool complains about finding cacerts:
    $ find / -name cacerts -print
    /usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/jre/lib/security/cacerts
    (in my raspbian Java installation)
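
As an added example (not part of the original diary entry): shell helpers that show the fetched certificate's SHA-256 fingerprint, refuse to import one that is close to expiry, and store it under a fixed alias so a renewed certificate replaces the old entry. The function names, the alias `nominatim` and the minimum-days threshold are assumptions; `changeit` is the store password used in the steps above.

```shell
#!/usr/bin/env bash
# Added example, not from the original diary entry.

# Constructed sample input: throwaway self-signed certificate valid for $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -days "$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# SHA-256 fingerprint of a PEM certificate, to compare with the one the
# browser shows for the same site before trusting the file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# pin_cert CERT KEYSTORE MIN_DAYS [ALIAS]
# e.g. pin_cert /tmp/nominatim.crt /path/to/cacerts 7
# (KEYSTORE is the cacerts path reported by the find command above.)
pin_cert() {
    cert_valid_for_days "$1" "$3" || {
        echo "refusing: $1 expires within $3 days" >&2
        return 1
    }
    echo "SHA-256 fingerprint: $(cert_fingerprint "$1")"
    alias_name=${4:-nominatim}   # assumed alias name
    # Drop any previous entry under the alias; ignore "alias does not exist".
    keytool -delete -alias "$alias_name" -keystore "$2" \
        -storepass changeit >/dev/null 2>&1 || true
    # No -noprompt: keytool displays the certificate and asks before trusting it.
    keytool -importcert -alias "$alias_name" -file "$1" -keystore "$2" \
        -storepass changeit
}
```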

Discussion

Comment from SomeoneElse on 1 February 2019 at 15:22

It looks like “nominatim.openstreetmap.org” just uses a regular LetsEncrypt certificate that expires every 90 days. It expires on 7th March so may get renewed on 7th Feb.

Perhaps moving to a version of Java that supported LetsEncrypt directly rather than having to insert into cacerts each time might be a better option? See https://letsencrypt.org/docs/certificate-compatibility/ .
