
Re: certificate problems and 403 Forbidden for svn 0.25.0

From: Garret Wilson <garret_at_globalmentor.com>
Date: 2003-07-21 02:12:26 CEST

Tobias Ringstrom wrote:
> If you have lots of users you should probably get a real certificate,
> but if that is not an option you can create a small installer that
> modifies the servers file as in my example.
[...]
> I'll try to explain why I think that it's more secure to use the
> ssl-authorities-file directive. If you have a real (not self-signed)
> certificate, then the client accepts it because it is signed by one of
> the CAs in the openssl list (/usr/share/ssl/cert.pem on my system). You
> will not get a warning unless something is *really* wrong.

Uh, oh, the problem is even worse than I thought. The thing is, I *do*
have a real certificate. Check for yourself: browse to
https://svn.globalmentor.com/test/ and enter:

username: bcs
password: svn

Then check the certificate information. I have a valid InstantSSL
certificate. As I mentioned in an earlier e-mail, InstantSSL has some
relationship with Baltimore Technologies that uses "a new Root CA
Certificate" that is "trusted by over 99.3% of all current browsers...,
now equal to Verisign and Thawte" according to
http://www.instantssl.com/ssl-certificate-support/ssl-certificate-browser_compatibility.html
. This also requires that I install some CA file on my web server, so
maybe neon has some problems with this extra CA step---but it works fine
with every browser I've used.

So I shouldn't even see the prompts in the first place. What's wrong?

Garret

Received on Mon Jul 21 02:14:49 2003

This is an archived mail posted to the Subversion Dev mailing list.
