logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache 2.4.25 - key not certified with a trusted signature
Author
timonroe



Joined: 30 Dec 2016
Posts: 2
Location: United States, Saratoga Springs

PostPosted: Sat 31 Dec '16 20:03    Post subject: Apache 2.4.25 - key not certified with a trusted signature Reply with quote

Steps:
* From this page: https://www.apachelounge.com/download/
* Downloaded version 2.4.25 for Win64
* Downloaded the PGP signature file and the public PGP key file
* Ran the gpg utility:
* gpg --import Steffen_Land.asc
* Got the following message:
<<<
gpg: error loading `iconv.dll': The specified module could not be found.
gpg: please see http://www.gnupg.org/download/iconv.html for more information
gpg: key 29C17558: public key "Steffen Land (Apache Lounge) <info@apachelounge.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
>>>
* gpg --verify httpd-2.4.25-win64-VC14.zip.asc
* Got the following message:
<<<
gpg: error loading `iconv.dll': The specified module could not be found.
gpg: please see http://www.gnupg.org/download/iconv.html for more information
gpg: Signature made 12/20/16 04:01:07 using RSA key ID 29C17558
gpg: Good signature from "Steffen Land (Apache Lounge) <info@apachelounge.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3D49 885E ADE8 BC39 9F46 D5DD BEE8 8A78 29C1 7558
>>>

Can someone tell me if I'm doing this incorrectly or if there's a problem with the signature.

Thanks for your help.

Tim
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Sat 31 Dec '16 20:25    Post subject: Reply with quote

Have a look how to verify : https://httpd.apache.org/dev/verification.html
Back to top
timonroe



Joined: 30 Dec 2016
Posts: 2
Location: United States, Saratoga Springs

PostPosted: Sat 31 Dec '16 21:26    Post subject: Reply with quote

Thanks for pointing me to the document...

I just ran all of the steps listed (including the 'gpg --fingerprint' and 'gpg --list-sigs'), but when I run:
'gpg --verify httpd-2.4.25-win64-VC14.zip.asc httpd-2.4.25-win64-VC14.zip'

I still get the warning message:
<<<
gpg: Signature made 12/20/16 04:01:07 using RSA key ID 29C17558
gpg: Good signature from "Steffen Land (Apache Lounge) <info@apachelounge.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3D49 885E ADE8 BC39 9F46 D5DD BEE8 8A78 29C1 7558
>>>

The '--fingerprint' command returns:
<<<
pub 4096R/29C17558 2013-12-29
Key fingerprint = 3D49 885E ADE8 BC39 9F46 D5DD BEE8 8A78 29C1 7558
uid Steffen Land (Apache Lounge) <info@apachelounge.com>
sub 4096R/BC11F6FE 2013-12-29
>>>

The '--list-sigs' command returns:
<<<
....
pub 4096R/29C17558 2013-12-29
uid Steffen Land (Apache Lounge) <info@apachelounge.com>
sig 3 29C17558 2013-12-29 Steffen Land (Apache Lounge) <info@apachelounge.com>
sub 4096R/BC11F6FE 2013-12-29
sig 29C17558 2013-12-29 Steffen Land (Apache Lounge) <info@apachelounge.com>
>>>

From the document, I was expecting the '--verify' command to return a "Good signature... " response.

Can you see what I'm doing wrong?

Thanks again.

Tim
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Sat 31 Dec '16 21:59    Post subject: Reply with quote

Please read at above link at heading : Validating Authenticity of a Key

The key is ok, see http://pgp.mit.edu. search with apachlounge
Back to top


Reply to topic   Topic: Apache 2.4.25 - key not certified with a trusted signature View previous topic :: View next topic
Post new topic   Forum Index -> Apache