[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Windows SSL Error

From: Johan Corveleyn <jcorvel_at_gmail.com>
Date: Thu, 28 Apr 2011 12:42:22 +0200

Ok, then I'm out of ideas. Maybe someone else still has some suggestions?

Johan

On Wed, Apr 27, 2011 at 1:12 PM, Platz, Steve <Steve_Platz_at_lord.com> wrote:
> Same thing there as well.
>
> -----Original Message-----
> From: Johan Corveleyn [mailto:jcorvel_at_gmail.com]
> Sent: Tuesday, April 26, 2011 4:15 PM
> To: Platz, Steve
> Cc: users_at_subversion.apache.org
> Subject: Re: Windows SSL Error
>
> And what about the system-wide file then? /etc/subversion/servers?
>
> On Tue, Apr 26, 2011 at 9:53 PM, Platz, Steve <Steve_Platz_at_lord.com> wrote:
>> For those Linux servers that I've tried this on, the ~/.subversion/servers file is the default one that is created with a brand new install. There are no entries under [global] or [groups].
>>
>> -----Original Message-----
>> From: Johan Corveleyn [mailto:jcorvel_at_gmail.com]
>> Sent: Tuesday, April 26, 2011 3:49 PM
>> To: Platz, Steve
>> Cc: users_at_subversion.apache.org
>> Subject: Re: Windows SSL Error
>>
>> On Tue, Apr 26, 2011 at 6:06 PM, Platz, Steve <Steve_Platz_at_lord.com> wrote:
>>> Our Entrust SSL certificate recently expired and was replaced with a
>>> new one utilizing a certificate chain.  Since installing the new
>>> certificate, access to a front-end website using this same certificate has been unaffected.
>>> However, we're now seeing issues when we attempt to check
>>> out/update/browse/etc the repository using Windows (XP/7). In
>>> Windows, using version 1.6.16, I'm getting the following error:
>>>
>>>
>>>
>>>                 C:\Users\steve_platz>svn info
>>> https://path/to/repository
>>>
>>> Error validating server certificate for 'https://path/to/repository:443':
>>>
>>> - The certificate is not issued by a trusted authority. Use the
>>> fingerprint to validate the certificate manually!
>>>
>>> Certificate information:
>>>
>>>                - Hostname: my.website.com
>>>
>>>                - Valid: from Mon, 18 Apr 2011 18:52:34 GMT until Fri,
>>> 05 Jun
>>> 2015 23:15:02 GMT
>>>
>>>
>>>
>>>                - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa
>>> is incorporated by reference, Entrust, Inc., US
>>>
>>>                - Fingerprint:
>>> 96:b4:fa:19:bd:4a:ec:c2:bc:19:33:b8:25:2a:0a:47:28:41:07:d0
>>>
>>> (R)eject, accept (t)emporarily or accept (p)ermanently? T
>>>
>>>
>>>
>>> Running the above (svn info) from a Linux machine works as you would
>>> expect it to, without certificate errors. Is this a bug with the
>>> Windows client or have I set something up incorrectly?
>>
>> Just guessing, but maybe the Linux machine (only your account, or
>> system-wide) has been configured to trust the Issuer's certificate as a trusted certificate authority (thus automatically trusting every certificate issued by that CA), and your Windows machine hasn't.
>>
>> This can be configured on the client side, with the property
>> ssl-authority-files
>> - For the user in ~/.subversion/servers
>> - System-wide in /etc/subversion/servers
>>
>> See for more info:
>> http://svnbook.red-bean.com/nightly/en/svn.advanced.confarea.html#svn.
>> advanced.confarea.opts.servers
>>
>> You can do the same on Windows (also system-wide, I think that only works via the Registry, but see the book for more details).
>>
>> HTH,
>> --
>> Johan
>>
>
>
>
> --
> Johan
>

-- 
Johan
Received on 2011-04-28 12:43:12 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.