[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Accepting SSL certificates

From: Giulio Troccoli <Giulio.Troccoli_at_uk.linedata.com>
Date: Thu, 8 Jul 2010 16:29:42 +0100

>

Linedata Limited
Registered Office: 85 Gracechurch St., London, EC3V 0AA
Registered in England and Wales No 3475006 VAT Reg No 710 3140 03

-----Original Message-----

> From: Boris Epstein [mailto:borepstein_at_gmail.com]
> Sent: 08 July 2010 13:28
> To: Giulio Troccoli
> Cc: users_at_subversion.apache.org
> Subject: Re: Accepting SSL certificates
>
> On Thu, Jul 8, 2010 at 5:37 AM, Giulio Troccoli
> <Giulio.Troccoli_at_uk.linedata.com> wrote:
> >
> > I am trying to set Subversion to use https. I have already
> acquired a certificate from the company CA and set everything
> up in Apache.
> >
> > If if use https the I am asked to accept that the
> certificate comes from a trusted authority. If I accept it
> everything works.
> >
> > So, I have been instructed to download the company
> certificate and I'm
> > trying to set it as a trusted CA. I have added the following to
> > ~/.subversion/servers
> >
> > ssl-authority-files = /home/svn/LDS.crt
> >
> > It's not .pem, but I have been told that it is PEM-encoded.
> However,
> > if I try with https I get the following error
> >
> > svn: Invalid config: unable to load certificate file
> '/home/svn/LDS.crt'
> >
> > I thought it was a permission issue but the file was
> readable by everyone, and the user who runs Apache is svn as
> well so Apache (if involved at all) can read it too.
> >
> > The server is CentOS 5, SVN is 1.6.9 and Apache is 2.2.13.
> >
> > Finally, I know I could accept it permanently but
> eventually I want to set the ssl-authority-files parameter on
> the system-wide subversion configuration so that all users
> automatically accept it.
> >
> > Thanks
> > Giulio
>
> I remember dealing with it - and I think it is normal that a
> user has to accept the certificate once. I may be wrong but I
> thinkl this may be by design.
>
> Boris.

Thanks Boris, but apparently it was not a PEM-encoded certificate grrrrr

Anyway, after I got the right certificate (and I fix some other little things) it works.

So, if anyone is reading this from the archive, ssl-authority-files works just as expected.

Giulio
Received on 2010-07-08 17:30:22 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.