On Tue, Apr 26, 2011 at 6:06 PM, Platz, Steve <Steve_Platz_at_lord.com> wrote:
> Our Entrust SSL certificate recently expired and was replaced with a new one
> utilizing a certificate chain. Since installing the new certificate, access
> to a front-end website using this same certificate has been unaffected.
> However, we’re now seeing issues when we attempt to check
> out/update/browse/etc the repository using Windows (XP/7). In Windows, using
> version 1.6.16, I’m getting the following error:
>
>
>
> C:\Users\steve_platz>svn info https://path/to/repository
>
> Error validating server certificate for 'https://path/to/repository:443':
>
> - The certificate is not issued by a trusted authority. Use the fingerprint
> to validate the certificate manually!
>
> Certificate information:
>
> - Hostname: my.website.com
>
> - Valid: from Mon, 18 Apr 2011 18:52:34 GMT until Fri, 05 Jun
> 2015 23:15:02 GMT
>
>
>
> - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa is
> incorporated by reference, Entrust, Inc., US
>
> - Fingerprint:
> 96:b4:fa:19:bd:4a:ec:c2:bc:19:33:b8:25:2a:0a:47:28:41:07:d0
>
> (R)eject, accept (t)emporarily or accept (p)ermanently? T
>
>
>
> Running the above (svn info) from a Linux machine works as you would expect
> it to, without certificate errors. Is this a bug with the Windows client or
> have I set something up incorrectly?
Just guessing, but maybe the Linux machine (only your account, or
system-wide) has been configured to trust the Issuer's certificate as
a trusted certificate authority (thus automatically trusting every
certificate issued by that CA), and your Windows machine hasn't.
This can be configured on the client side, with the property ssl-authority-files
- For the user in ~/.subversion/servers
- System-wide in /etc/subversion/servers
See for more info:
http://svnbook.red-bean.com/nightly/en/svn.advanced.confarea.html#svn.advanced.confarea.opts.servers
You can do the same on Windows (also system-wide, I think that only
works via the Registry, but see the book for more details).
HTH,
--
Johan
Received on 2011-04-26 21:49:23 CEST