Announcement

What version of Stata are you using? Show us the first two lines of results running the about command.

About my Stata:


Stata/IC 16.1 for Windows (64-bit x86-64)
Revision 01 Sep 2020

This server's certificate chain is incomplete. The site uses a Thawte certificate to facilitate secure transmission, which [_{is probably distrusted and}] requires an extra download.

Details [external links] here: https://www.wordfence.com/blog/2018/...cates-ssl-tls/ ,
here: https://knowledge.digicert.com/alert...placement.html , and elsewhere on the net.

You can still download from the browser if you decide to disregard the warning that it is not in fact secure.

Is there a way to download the certificate "to tell Stata" download the information despite it not a secure connection?

Afaik, Stata is using its own Java VM, which means it probably is not looking at the system Java VM settings.
My sense is that it should be possible, but likely will involve manual reconfiguration of the VM supplied with Stata. See around the net.properties file:

...\Stata16\utilities\java\windows-x64\zulu-jre11.0.3\conf\net.properties

This is not documented from Stata's side, but you can have more luck from the Java forums.
This looks supportive, though probably outdated:
https://bhaskarvk.github.io/2008/05/...em-properties/

Miguel Gonzalez presuming you have write access to the Stata installation directory, you can import the Thawte RSA key to the certificate store used by Stata's Java installation. Type the following commands within Stata:

You will be prompted by the keytool for the keystore password which by default is "changeit". You will need to relaunch Stata to reinitialize Java but your command:

should no longer issue the error.

-Pete

Hello Pete Huckelba (StataCorp) ,

I am trying to follow the instruction you've provided above on installing a custom certificate for the Java VM in Stata 18.

FIRST:

I am running the command
I am getting a black screen (windows command console) which doesn't interact at all (no prompt, no typing, nothing) and when I am closing it, I receive a prompt in Stata's output window asking for the password (message: Enter keystore password), but which is immediately followed by a dot, indicating the command is no longer waiting for the input, but rather the next command is expected at this point.

I would like to understand if:
1) the process/syntax is still the same in Stata 18; (or should I use e.g. the -importcert option as in keytool doc??)
2) this is possibly a bug that requires an update/patch/something else;
3) whether this is consistent with the "lack of writing access", which is not a clear-cut YES/NO in my case, but follows much more complicated permissions model.

SECOND: you wrote the default password is "changeit" which tells me it is important to change it. How exactly this can be done, and whose responsibility is this (the Stata user or the system administrator?)

THIRD: how would one check if other certificates were already imported and what they are?

I've tried
If that is the actual storage, I definitely should have access rights to manipulate it within my user's directory (relevant to #3 in FIRST above).
Is there any ecosystem of these keystores which will be given some precedence (like machine keystore, user keystore, current directory keystore) or there is only a single global one? (perhaps in a volatile position, pointed elsewhere). If the latter, then why is it that one needs to specify the PATH to the keystore to view it, but the system doesn't ask the PATH when it needs to use it? (I hope it is clear)

Thank you very much, Sergiy Radyakin

PS: I confirm the certificate I am trying to import is having "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines and the base64-encoded content there 'makes sense' when being decoded with outside tools, at least I do recognize the relevant issuer, etc, so I don't expect any issue with the certificate itself.