[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [TSVN] server with client certificates needed for testing

From: Milen A. Radev <milen_at_radev.net>
Date: 2004-10-06 12:10:32 CEST

> Stefan wrote:
>>> I still need someone to set up such a server for me. I have the code to
>>> store the client certificate path and password ready for testing (I
>>> think it works, but without having tested it...) -
> ...
>>> Is no one around who has such a server already set up and could give me
>>> access to it for some time?
>
> Milen A. Radev wrote:
>> Well I have a server with Subversion 1.1.0 - the problem is with the
>> client certificate - I have almost no idea how to create them and how
>> to configure the server to request them.
>
> Hello,
>
> here at our developement team at baaderbank.de we use such a setup.
> Sorry, I see no way to give you access, because it is impossible
> to let you in from internet (of course :-; ). But maybe I can help
> Milen with creating the client certificates.
> I often wondered, if this sort of setup is rather uncommon? We
> didn't find much ressources on this topic. Everyone seems to use
> basic auth and a user/passwd file and manages everything by hand...
>
> Milen: is your apache runing on linux or the like?
> If this would be the case, I could help. It is not so complicated,
> because the usual apche RPMS provide a makefile for creating keys
> and certificates.

Yes, Slackware Linux and Apache 2.0.49. OK, so I managed to create (new)
server and a client certificate. Now remains the hardest part - configuring
Apache to require client certs for a "Location".

The existing config is (something like) this:

<Location /svn>
  DAV svn
  SVNParentPath /svn
  AuthType Basic
  AuthName "Subversion Repositories at ..."
  AuthUserFile /svn/svn.users
  Require valid-user
</Location>

Should be something like this:

SSLVerifyClient none
SSLCACertificateFile conf/ssl.crt/ca.crt

<Location /svn>
  DAV svn
  SVNParentPath /svn
  SSLVerifyClient require
 SSLVerifyDepth 1
</Location>

Milen A. Radev

>
> Regards,
> Hermann Vosseler

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Wed Oct 6 13:18:20 2004

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.