
Re: ssl-authorities-file

From: John Locke <mail_at_freelock.com>
Date: 2003-08-08 23:19:18 CEST

jstewart@pobox.com wrote:

> Thanks for replying.
>
>
>> You're confusing the meaning of 'ssl-authorities-file'. It means, "which
>> CAs do I trust?" It's supposed to point to the certificate of the *CA* that
>> signed the server cert, not to the server cert itself.
>
>
> I'll not dispute this. However, my certificate is signed by GeoTrust.
> I went to their website (www.geotrust.com <http://www.geotrust.com/>)
> and downloaded their certificate. I changed my servers file to point
> to it and still no joy.
>
You're still confusing the Certificate Authority with the Certificate.

You state in your original email:

> As best as I can understand it, this is caused because my certificate
> has the name "foobar.net" in it but the actual name is "dev.foobar.net".

That sounds like the problem.

In your configuration, all you did was tell Subversion to trust the
Geotrust Certificate Authority to authenticate server certificates--but
your server certificate doesn't match the server, so Subversion
continues to fail.

You can either generate a certificate for dev.foobar.net, signed by
Geotrust (or create your own CA to sign your certificates, and copy your
CA's certificate to c:\foobar.net.crt), and install it in your web
server, or use the ssl-ignore-host-mismatch option in Subversion.

Cheers,
John

P.S. This sounds like it belongs on the Users list, not the Dev list...

Received on Fri Aug 8 23:20:07 2003

This is an archived mail posted to the Subversion Dev mailing list.
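
The two checks distinguished in the reply above (is the signing CA trusted, and does the certificate name match the host being contacted) can be reproduced offline with the `openssl` command line. This is an added example, not part of the original mail or of Subversion; the throwaway CA, its name and the temporary files are constructed, and it assumes OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Added example: constructed throwaway CA and certificates, nothing from the thread.
# Assumes an `openssl` CLI, 1.1.0 or later (verify exits non-zero on failure).

make_ca() {            # $1 = work dir; writes ca.key and ca.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {         # $1 = work dir, $2 = host name placed in the certificate CN
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 1 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# Check 1: does the chain end at a CA we trust?
# -CAfile plays the role of ssl-authorities-file here.
chain_ok() {           # $1 = work dir, $2 = certificate name
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Check 2: same chain check, plus "was this certificate issued for the host I asked for?"
host_ok() {            # $1 = work dir, $2 = certificate name, $3 = host the client connects to
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && issue_cert "$d" foobar.net && issue_cert "$d" dev.foobar.net || return 1
    chain_ok "$d" foobar.net && echo "foobar.net cert: CA is trusted"
    host_ok "$d" foobar.net dev.foobar.net || echo "foobar.net cert: rejected for dev.foobar.net"
    host_ok "$d" dev.foobar.net dev.foobar.net && echo "dev.foobar.net cert: accepted"
    rm -rf "$d"
}
demo
```

Trusting the CA makes the first check pass for both certificates; only a certificate issued for dev.foobar.net passes the second.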