
[TSVN] OT: Creating client certificates (Was: server with client certificates needed for testing)

From: Jani Averbach <jaa_at_jaa.iki.fi>
Date: 2004-10-06 17:30:40 CEST

On 2004-10-06 12:01+0200, Hermann Voßeler wrote:

> Hello list,
>
> here at our development team at baaderbank.de we use such a setup.
> Sorry, I see no way to give you access, because it is impossible
> to let you in from internet (of course :-; ). But maybe I can help
> Milen with creating the client certificates.
> I often wondered if this sort of setup is rather uncommon? We
> didn't find many resources on this topic. Everyone seems to use
> basic auth and a user/passwd file and manages everything by hand...
>
> Milen: is your apache running on linux or the like?
> If this would be the case, I could help. It is not so complicated,
> because the usual apache RPMS provide a makefile for creating keys
> and certificates.

I tried to do that (to create client cert based auth scheme), but
didn't succeed.

Here is what I did:

Pre:
- I have a CA
- I have a working SVN server with HTTP-SSL
- I have a certificate for that server

This part has been working ok.

Client certificates:

1) I created a client key
2) I created a client certificate request
3) I signed that request with my CA
4) I converted client certificate to PKCS#12 format

I set my CA as a trusted authority in my web browsers and SVN client
(done that before, and this has worked), I also imported my client p12
certificate to the SVN and my browsers.

I configured Apache to require client cert, and pointed it to the
CA.crt file.

Now if I try to access a location which needs the client certificate,
all I get is this:

The client:
svn: PROPFIND request failed on '/test/client-crt-1'
svn: PROPFIND of '/test/client-crt-1': Could not read status line:
SSL error: sslv3 alert unexpected message (https://svn.jaa.iki.fi)

And Server's error log:
[error] Re-negotiation handshake failed: Not accepted by client!?

The same is true if I try to access any client cert protected
location, no matter if it is a DAV or ordinary location, with SVN or
browser. So the cert isn't working.

I found the following links, but to no avail:
http://www.contactor.se/~dast/svn/archive-2004-02/0181.shtml
http://www.vanemery.com/Linux/Apache/apache-SSL.html

Any ideas what I am doing wrong?

Thanks,
Jani

-- 
Jani Averbach
Received on Wed Oct 6 18:32:18 2004
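
The four client-certificate steps listed in the mail above, written out with the openssl command line as an added example (not part of the original mail and not the poster's actual commands). The CA, the names demo-ca and demo-client, the password and the helper function names are all constructed for illustration; the three checks at the end confirm that the certificate side is self-consistent before the server configuration is examined.

```shell
#!/bin/sh
# Added example; every name and the password below are constructed test values.
PASS=changeit

make_client_p12() (   # runs in a subshell so cd/umask do not leak to the caller
    umask 077         # keep the generated private keys unreadable to other users
    mkdir -p "$1" && cd "$1" || exit 1
    # Pre: a CA (self-signed, for testing only)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    # 1) client key
    openssl genrsa -out client.key 2048 2>/dev/null || exit 1
    # 2) client certificate request
    openssl req -new -key client.key -subj "/CN=demo-client" -out client.csr || exit 1
    # 3) sign the request with the CA; mark the cert for TLS client authentication
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > client.ext
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 30 -extfile client.ext -out client.crt 2>/dev/null || exit 1
    # 4) convert to PKCS#12, bundling the CA certificate
    openssl pkcs12 -export -inkey client.key -in client.crt -certfile ca.crt \
        -name demo-client -passout "pass:$PASS" -out client.p12
)

# Check A: the client cert chains to the CA and is valid for TLS client use.
chain_ok() {
    openssl verify -purpose sslclient -CAfile "$1/ca.crt" "$1/client.crt" >/dev/null
}

# Check B: the private key really belongs to the certificate.
key_matches() {
    [ "$(openssl x509 -in "$1/client.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/client.key" -pubout)" ]
}

# Check C: the PKCS#12 bundle opens with the password and holds the client cert.
p12_subject() {
    openssl pkcs12 -in "$1/client.p12" -passin "pass:$PASS" -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -subject -nameopt RFC2253
}

# Demo run in a scratch directory
demo_dir=$(mktemp -d) && make_client_p12 "$demo_dir" \
    && chain_ok "$demo_dir" && key_matches "$demo_dir" && p12_subject "$demo_dir"
```
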

This is an archived mail posted to the TortoiseSVN Dev mailing list.