subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giulio Troccoli <Giulio.Trocc...@uk.linedata.com>
Subject RE: Accepting SSL certificates
Date Thu, 08 Jul 2010 15:29:42 GMT
>


Linedata Limited
Registered Office: 85 Gracechurch St., London, EC3V 0AA
Registered in England and Wales No 3475006 VAT Reg No 710 3140 03

-----Original Message-----


> From: Boris Epstein [mailto:borepstein@gmail.com]
> Sent: 08 July 2010 13:28
> To: Giulio Troccoli
> Cc: users@subversion.apache.org
> Subject: Re: Accepting SSL certificates
>
> On Thu, Jul 8, 2010 at 5:37 AM, Giulio Troccoli
> <Giulio.Troccoli@uk.linedata.com> wrote:
> >
> > I am trying to set Subversion to use https. I have already
> acquired a certificate from the company CA and set everything
> up in Apache.
> >
> > If if use https the I am asked to accept that the
> certificate comes from a trusted authority. If I accept it
> everything works.
> >
> > So, I have been instructed to download the company
> certificate and I'm
> > trying to set it as a trusted CA. I have added the following to
> > ~/.subversion/servers
> >
> > ssl-authority-files = /home/svn/LDS.crt
> >
> > It's not .pem, but I have been told that it is PEM-encoded.
> However,
> > if I try with https I get the following error
> >
> > svn: Invalid config: unable to load certificate file
> '/home/svn/LDS.crt'
> >
> > I thought it was a permission issue but the file was
> readable by everyone, and the user who runs Apache is svn as
> well so Apache (if involved at all) can read it too.
> >
> > The server is CentOS 5, SVN is 1.6.9 and Apache is 2.2.13.
> >
> > Finally, I know I could accept it permanently but
> eventually I want to set the ssl-authority-files parameter on
> the system-wide subversion configuration so that all users
> automatically accept it.
> >
> > Thanks
> > Giulio
>
> I remember dealing with it - and I think it is normal that a
> user has to accept the certificate once. I may be wrong but I
> thinkl this may be by design.
>
> Boris.

Thanks Boris, but apparently it was not a PEM-encoded certificate grrrrr

Anyway, after I got the right certificate (and I fix some other little things) it works.

So, if anyone is reading this from the archive, ssl-authority-files works just as expected.

Giulio

Mime
View raw message