Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache 2.4.25 - key not certified with a trusted signature |
|
| Author |
|
timonroe
Joined: 30 Dec 2016
Posts: 2
Location: United States, Saratoga Springs
|
 Posted: Sat 31 Dec '16 20:03 Post subject: Apache 2.4.25 - key not certified with a trusted signature |
 |
|
Steps:
* From this page: https://www.apachelounge.com/download/
* Downloaded version 2.4.25 for Win64
* Downloaded the PGP signature file and the public PGP key file
* Ran the gpg utility:
* gpg --import Steffen_Land.asc
* Got the following message:
<<<
gpg: error loading `iconv.dll': The specified module could not be found.
gpg: please see http://www.gnupg.org/download/iconv.html for more information
gpg: key 29C17558: public key "Steffen Land (Apache Lounge) <info@apachelounge.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
>>>
* gpg --verify httpd-2.4.25-win64-VC14.zip.asc
* Got the following message:
<<<
gpg: error loading `iconv.dll': The specified module could not be found.
gpg: please see http://www.gnupg.org/download/iconv.html for more information
gpg: Signature made 12/20/16 04:01:07 using RSA key ID 29C17558
gpg: Good signature from "Steffen Land (Apache Lounge) <info@apachelounge.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3D49 885E ADE8 BC39 9F46 D5DD BEE8 8A78 29C1 7558
>>>
Can someone tell me if I'm doing this incorrectly or if there's a problem with the signature.
Thanks for your help.
Tim |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 677
|
|
| Back to top |
|
timonroe
Joined: 30 Dec 2016
Posts: 2
Location: United States, Saratoga Springs
|
| Posted: Sat 31 Dec '16 21:26 Post subject: |
|
|
Thanks for pointing me to the document...
I just ran all of the steps listed (including the 'gpg --fingerprint' and 'gpg --list-sigs'), but when I run:
'gpg --verify httpd-2.4.25-win64-VC14.zip.asc httpd-2.4.25-win64-VC14.zip'
I still get the warning message:
<<<
gpg: Signature made 12/20/16 04:01:07 using RSA key ID 29C17558
gpg: Good signature from "Steffen Land (Apache Lounge) <info@apachelounge.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3D49 885E ADE8 BC39 9F46 D5DD BEE8 8A78 29C1 7558
>>>
The '--fingerprint' command returns:
<<<
pub 4096R/29C17558 2013-12-29
Key fingerprint = 3D49 885E ADE8 BC39 9F46 D5DD BEE8 8A78 29C1 7558
uid Steffen Land (Apache Lounge) <info@apachelounge.com>
sub 4096R/BC11F6FE 2013-12-29
>>>
The '--list-sigs' command returns:
<<<
....
pub 4096R/29C17558 2013-12-29
uid Steffen Land (Apache Lounge) <info@apachelounge.com>
sig 3 29C17558 2013-12-29 Steffen Land (Apache Lounge) <info@apachelounge.com>
sub 4096R/BC11F6FE 2013-12-29
sig 29C17558 2013-12-29 Steffen Land (Apache Lounge) <info@apachelounge.com>
>>>
From the document, I was expecting the '--verify' command to return a "Good signature... " response.
Can you see what I'm doing wrong?
Thanks again.
Tim |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 677
|
| Posted: Sat 31 Dec '16 21:59 Post subject: |
|
|
Please read at above link at heading : Validating Authenticity of a Key
The key is ok, see http://pgp.mit.edu. search with apachlounge |
|
| Back to top |
|
|
|
|
|
|
