nowina-solutions / nexu


MacOs Monterrey Nexu start #62

Open nachoUC3M opened 1 year ago

nachoUC3M commented 1 year ago

I have a certificate on a smart card. My macOS Monterey operating system recognizes it well, but with Nexu something doesn't work because it doesn't recognize that keystore. When I start the application in the terminal it returns the following error; I also get a window indicating "Error when trying to install certificate - An error occurred when NexU tried to install certificate in Firefox - Contact the application provider if the issue persists".

```
java -Djavafx.preloader=lu.nowina.nexu.NexUPreLoader -Dglass.accessible.force=false -jar nexu.jar
```

```
2022-11-02 14:14:17,474 [INFO|lu.nowina.nexu.NexuLauncher|NexuLauncher|main] No http://127.0.0.1:9795/nexu-info detected, Connection refused (Connection refused)
2022-11-02 14:14:17,945 [INFO|lu.nowina.nexu.NexUApp|NexUApp|JavaFX Application Thread] Load database from /Users/nacho/.NexU/store.xml
2022-11-02 14:14:18,226 [INFO|lu.nowina.nexu.APIBuilder|APIBuilder|JavaFX Application Thread] + Plugin lu.nowina.nexu.keystore.KeystorePlugin
2022-11-02 14:14:18,232 [INFO|lu.nowina.nexu.APIBuilder|APIBuilder|JavaFX Application Thread] + Plugin lu.nowina.nexu.https.HttpsPlugin
2022-11-02 14:14:18,237 [INFO|lu.nowina.nexu.https.HttpsPlugin|HttpsPlugin|JavaFX Application Thread] Verify if keystore is ready
2022-11-02 14:14:59,617 [WARN|lu.nowina.nexu.https.HttpsPlugin|HttpsPlugin|JavaFX Application Thread] Exception when trying to install certificate in Firefox
lu.nowina.nexu.NexuException: Batch script returned 255 when trying to install CA certificate in Firefox. Output: certutil: could not authenticate to token NSS Certificate DB.: SEC_ERROR_IO: An I/O error occurred during security authorization.

    at lu.nowina.nexu.https.HttpsPlugin.installCaCertInFirefoxForMac(HttpsPlugin.java:337)
    at lu.nowina.nexu.https.HttpsPlugin.installCaCert(HttpsPlugin.java:242)
    at lu.nowina.nexu.https.HttpsPlugin.init(HttpsPlugin.java:136)
    at lu.nowina.nexu.APIBuilder.buildAndRegisterPlugin(APIBuilder.java:92)
    at lu.nowina.nexu.APIBuilder.initPlugins(APIBuilder.java:82)
    at lu.nowina.nexu.NexUApp.buildAPI(NexUApp.java:90)
    at lu.nowina.nexu.NexUApp.start(NexUApp.java:63)
    at com.sun.javafx.application.LauncherImpl.lambda$launchApplication1$8(LauncherImpl.java:863)
    at com.sun.javafx.application.PlatformImpl.lambda$runAndWait$7(PlatformImpl.java:326)
    at com.sun.javafx.application.PlatformImpl.lambda$null$5(PlatformImpl.java:295)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sun.javafx.application.PlatformImpl.lambda$runLater$6(PlatformImpl.java:294)
    at com.sun.glass.ui.InvokeLaterDispatcher$Future.run(InvokeLaterDispatcher.java:95)

2022-11-02 14:14:59,667 [INFO|lu.nowina.nexu.APIBuilder|APIBuilder|JavaFX Application Thread] + Plugin lu.nowina.nexu.rest.RestHttpPlugin
2022-11-02 14:14:59,669 [INFO|lu.nowina.nexu.APIBuilder|APIBuilder|JavaFX Application Thread] + Plugin lu.nowina.nexu.windows.keystore.WindowsKeystorePlugin
2022-11-02 14:14:59,671 [WARN|lu.nowina.nexu.NexUPreLoader|NexUPreLoader|JavaFX Application Thread] PreLoaderMessage: type = WARNING, title = Error when trying to install certificate, header = An error occurred when NexU tried to install certificate in FireFox., content = Contact the application provider if the issue persists.
2022-11-02 14:16:26,937 [INFO|lu.nowina.nexu.NexUApp|NexUApp|JavaFX Application Thread] Start Jetty
```

anddam commented 1 year ago

I stumbled on it while trying to use the nexu bundle on an aarch64 (not the happiest experience).

Your issue is likely due to a Firefox profile keeping some old certutil db. There's a compressed archive for Linux and Mac in the source tree; that archive has the scripts taking care of setting up the keystores. On macOS this is done against Firefox and the system Keychain services.

Luckily there's nothing signed in this whole shebang (because, why would you even sign a binary nowadays?) so you can extract the jar, replace the zipball with a slightly modified one and it'll go to town.

I haven't checked the Keychain issue yet, while I was on the job I got told "don't bother, this is too complicated we are not going to use nexu" so I dropped it, but if you are still facing the issue we can check how that works.

Side note for mac users: you can use a 1.8 x86 JRE on aarch64 just fine with Rosetta, so the nexu-bundle is still useful, just take the jar and start it with a POSIX shell script rather than the cmd one provided.

If you try to use a modern JRE that has proper support for aarch64 you'll meet issues with APIs that have since been dropped from Java SE.
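
A read-only check for the cause suggested in the comment above, added here as an example and not code from NexU or from either commenter: it classifies each Firefox profile by the NSS database files it contains, on the assumption that "old certutil db" means the legacy `cert8.db`/`key3.db` format. The function names and the constructed sample tree are illustrative.

```python
from pathlib import Path

# NSS database file sets: the legacy DBM format versus the SQLite
# format that current Firefox and certutil builds use by default.
LEGACY = ("cert8.db", "key3.db", "secmod.db")
SQLITE = ("cert9.db", "key4.db", "pkcs11.txt")

# Default Firefox profile root on macOS.
MAC_PROFILES = Path.home() / "Library/Application Support/Firefox/Profiles"


def classify_profile(profile: Path) -> str:
    """Return 'sql', 'legacy', 'mixed' or 'none' for one profile directory."""
    has_legacy = any((profile / name).is_file() for name in LEGACY)
    has_sql = any((profile / name).is_file() for name in SQLITE)
    if has_legacy and has_sql:
        return "mixed"
    if has_legacy:
        return "legacy"
    return "sql" if has_sql else "none"


def scan_profiles(root: Path) -> dict:
    """Map each profile directory name under root to its NSS DB format."""
    if not root.is_dir():
        return {}
    return {p.name: classify_profile(p) for p in sorted(root.iterdir()) if p.is_dir()}


def suspects(report: dict) -> list:
    """Profiles to inspect first: those still carrying legacy DB files."""
    return [name for name, kind in report.items() if kind in ("legacy", "mixed")]


def build_sample(root: Path) -> None:
    """Constructed sample tree so the example runs without Firefox installed."""
    layout = {"a1.default-release": SQLITE, "b2.old": LEGACY,
              "c3.migrated": LEGACY + SQLITE, "d4.empty": ()}
    for name, files in layout.items():
        (root / name).mkdir(parents=True)
        for f in files:
            (root / name / f).write_bytes(b"")


if __name__ == "__main__":
    # Lists nothing if Firefox has no profiles at the default macOS location.
    for name, kind in scan_profiles(MAC_PROFILES).items():
        print(f"{kind:7} {name}")
```

The script only reads directory listings; it never opens or modifies a certificate database.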