You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Graham Leggett <mi...@sharp.fm> on 2005/02/28 14:45:15 UTC
Svn: "certificate has expired"
Hi all,
Out of the blue, the most bizaare problem has cropped up between an SVN
server and some SVN clients.
Attempts to update to the svn server result in this message:
svn: PROPFIND of '/repos/fo/hoops/hoops/trunk': SSL negotiation failed:
SSL error: sslv3 alert certificate expired (https://subversion.xxx.co.za)
The SVN connection is an https connection with server and client certs.
The usual suspects have been checked and no problems found: the enddates
on all three certs (CA, server, client), and the clocks on both client and
server and correct and valid.
The first problem that is thwarting our debugging attempts is the
misleading message "certificate expired". There are three certificates
(CA, server, client), the error message does not say which cert has
expired, or on which date the cert expired - nothing useful.
Accessing the SVN repo from Firefox results in the same error: "Your
certificate has expired" (Firefox then aborts the attempt to load the
page). Again, Firefox does not explain which certificate "your"
certificate is, what it is called, or when it expired.
Accessing the SVN repo via a browser without the client cert installed
causes access to the public sections of the repo to be granted, so the
problem seems to be the client cert, although there is nothing obviously
wrong with them - they are still valid for another 11 months.
Anybody encountered any twilight zone errors like this?
Regards,
Graham
--
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Svn: "certificate has expired"
Posted by Graham Leggett <mi...@sharp.fm>.
Dale Worley wrote:
> You've checked that the copies of the CA certs haven't expired?
I have checked the following:
- The date and type on the server: check
- The date and time on the client: check
- The start and end dates on the CA cert on the client: check
- The start and end dates on the server cert: check
- The start and end dates on the client cert: check
Is there anything else I should have checked for? I am stumped completely.
Regards,
Graham
--
RE: Svn: "certificate has expired"
Posted by Dale Worley <dw...@pingtel.com>.
> From: Graham Leggett [mailto:minfrin@sharp.fm]
>
> Client and server certs were signed by the same CA cert.
You've checked that the copies of the CA certs haven't expired?
Dale
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Svn: "certificate has expired"
Posted by Graham Leggett <mi...@sharp.fm>.
David Waite wrote:
> Was the client certificate signed by a separate CA than the server one?
Client and server certs were signed by the same CA cert.
Regards,
Graham
--
Re: Svn: "certificate has expired"
Posted by David Waite <dw...@gmail.com>.
Was the client certificate signed by a separate CA than the server one?
-David Waite
On Mon, 28 Feb 2005 16:45:15 +0200 (SAST), Graham Leggett
<mi...@sharp.fm> wrote:
> Hi all,
>
> Out of the blue, the most bizaare problem has cropped up between an SVN
> server and some SVN clients.
>
> Attempts to update to the svn server result in this message:
>
> svn: PROPFIND of '/repos/fo/hoops/hoops/trunk': SSL negotiation failed:
> SSL error: sslv3 alert certificate expired (https://subversion.xxx.co.za)
>
> The SVN connection is an https connection with server and client certs.
> The usual suspects have been checked and no problems found: the enddates
> on all three certs (CA, server, client), and the clocks on both client and
> server and correct and valid.
>
> The first problem that is thwarting our debugging attempts is the
> misleading message "certificate expired". There are three certificates
> (CA, server, client), the error message does not say which cert has
> expired, or on which date the cert expired - nothing useful.
>
> Accessing the SVN repo from Firefox results in the same error: "Your
> certificate has expired" (Firefox then aborts the attempt to load the
> page). Again, Firefox does not explain which certificate "your"
> certificate is, what it is called, or when it expired.
>
> Accessing the SVN repo via a browser without the client cert installed
> causes access to the public sections of the repo to be granted, so the
> problem seems to be the client cert, although there is nothing obviously
> wrong with them - they are still valid for another 11 months.
>
> Anybody encountered any twilight zone errors like this?
>
> Regards,
> Graham
> --
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org