[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Error validating server certificate

From: John Peacock <john.peacock_at_havurah-software.org>
Date: Mon, 26 May 2008 20:28:27 -0400

Robert Denton wrote:
> selecting p (for permanent acceptance) doesn't seem to do anything, and
> I am wondering if that is because the entity actually having a problem
> with the certificate is the remote server. Oddly, logging onto the
> remote server, I can pull up the repo in a browser with not certificate
> complaints whatsoever.

Remember that on Windows, each user can have completely independent security
settings, etc., so the only way to validate this fully is to attempt to perform
any testing as the remote user that is performing the update, not as yourself.

> What can I do so that the remote server does not complain about the
> certificate? I should not that the certs as well as the intermediate
> cert are correctly configured in the apache server on the linux based
> svn repository server. Any ideas?

The Comodo Trusted Root Certificate (Root CA) is apparently not installed in the
default ca-bundle.crt that OpenSSL uses. The reason you don't see that problem
when logged in as an ordinary Windows user is that Windows ships with a large
number of Root CA's already imported.

You are using Cygwin's SSL, but I don't know where the ca-bundle.crt file might
live. You can look under /etc (when logged in as the Cygwin user). Then you
just need to download the Comodo bundled cert file:


and append that text to the ca-bundle.crt file that you found. You probably
already had to do this to install the certificate on the Subversion server itself.

However, if you can access the Subversion server without a certificate inside
your network, you can also use the tunneling options of SVN::Notify::Mirror::SSH
instead. See the documentation for more details...


To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-05-27 02:27:47 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.