You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Giulio Troccoli <Gi...@uk.linedata.com> on 2010/07/08 09:37:05 UTC

Accepting SSL certificates

I am trying to set Subversion to use https. I have already acquired a certificate from the company CA and set everything up in Apache.

If if use https the I am asked to accept that the certificate comes from a trusted authority. If I accept it everything works.

So, I have been instructed to download the company certificate and I'm trying to set it as a trusted CA. I have added the following to ~/.subversion/servers

ssl-authority-files = /home/svn/LDS.crt

It's not .pem, but I have been told that it is PEM-encoded. However, if I try with https I get the following error

svn: Invalid config: unable to load certificate file '/home/svn/LDS.crt'

I thought it was a permission issue but the file was readable by everyone, and the user who runs Apache is svn as well so Apache (if involved at all) can read it too.

The server is CentOS 5, SVN is 1.6.9 and Apache is 2.2.13.

Finally, I know I could accept it permanently but eventually I want to set the ssl-authority-files parameter on the system-wide subversion configuration so that all users automatically accept it.

Thanks
Giulio





Linedata Limited
Registered Office: 85 Gracechurch St., London, EC3V 0AA
Registered in England and Wales No 3475006 VAT Reg No 710 3140 03

RE: Accepting SSL certificates

Posted by Giulio Troccoli <Gi...@uk.linedata.com>.

>


Linedata Limited
Registered Office: 85 Gracechurch St., London, EC3V 0AA
Registered in England and Wales No 3475006 VAT Reg No 710 3140 03

-----Original Message-----


> From: Boris Epstein [mailto:borepstein@gmail.com]
> Sent: 08 July 2010 13:28
> To: Giulio Troccoli
> Cc: users@subversion.apache.org
> Subject: Re: Accepting SSL certificates
>
> On Thu, Jul 8, 2010 at 5:37 AM, Giulio Troccoli
> <Gi...@uk.linedata.com> wrote:
> >
> > I am trying to set Subversion to use https. I have already
> acquired a certificate from the company CA and set everything
> up in Apache.
> >
> > If if use https the I am asked to accept that the
> certificate comes from a trusted authority. If I accept it
> everything works.
> >
> > So, I have been instructed to download the company
> certificate and I'm
> > trying to set it as a trusted CA. I have added the following to
> > ~/.subversion/servers
> >
> > ssl-authority-files = /home/svn/LDS.crt
> >
> > It's not .pem, but I have been told that it is PEM-encoded.
> However,
> > if I try with https I get the following error
> >
> > svn: Invalid config: unable to load certificate file
> '/home/svn/LDS.crt'
> >
> > I thought it was a permission issue but the file was
> readable by everyone, and the user who runs Apache is svn as
> well so Apache (if involved at all) can read it too.
> >
> > The server is CentOS 5, SVN is 1.6.9 and Apache is 2.2.13.
> >
> > Finally, I know I could accept it permanently but
> eventually I want to set the ssl-authority-files parameter on
> the system-wide subversion configuration so that all users
> automatically accept it.
> >
> > Thanks
> > Giulio
>
> I remember dealing with it - and I think it is normal that a
> user has to accept the certificate once. I may be wrong but I
> thinkl this may be by design.
>
> Boris.

Thanks Boris, but apparently it was not a PEM-encoded certificate grrrrr

Anyway, after I got the right certificate (and I fix some other little things) it works.

So, if anyone is reading this from the archive, ssl-authority-files works just as expected.

Giulio

RE: Accepting SSL certificates

Posted by Giulio Troccoli <Gi...@uk.linedata.com>.

>


Linedata Limited
Registered Office: 85 Gracechurch St., London, EC3V 0AA
Registered in England and Wales No 3475006 VAT Reg No 710 3140 03

-----Original Message-----


> From: Boris Epstein [mailto:borepstein@gmail.com]
> Sent: 08 July 2010 13:28
> To: Giulio Troccoli
> Cc: users@subversion.apache.org
> Subject: Re: Accepting SSL certificates
>
> On Thu, Jul 8, 2010 at 5:37 AM, Giulio Troccoli
> <Gi...@uk.linedata.com> wrote:
> >
> > I am trying to set Subversion to use https. I have already
> acquired a certificate from the company CA and set everything
> up in Apache.
> >
> > If if use https the I am asked to accept that the
> certificate comes from a trusted authority. If I accept it
> everything works.
> >
> > So, I have been instructed to download the company
> certificate and I'm
> > trying to set it as a trusted CA. I have added the following to
> > ~/.subversion/servers
> >
> > ssl-authority-files = /home/svn/LDS.crt
> >
> > It's not .pem, but I have been told that it is PEM-encoded.
> However,
> > if I try with https I get the following error
> >
> > svn: Invalid config: unable to load certificate file
> '/home/svn/LDS.crt'
> >
> > I thought it was a permission issue but the file was
> readable by everyone, and the user who runs Apache is svn as
> well so Apache (if involved at all) can read it too.
> >
> > The server is CentOS 5, SVN is 1.6.9 and Apache is 2.2.13.
> >
> > Finally, I know I could accept it permanently but
> eventually I want to set the ssl-authority-files parameter on
> the system-wide subversion configuration so that all users
> automatically accept it.
> >
> > Thanks
> > Giulio
>
> I remember dealing with it - and I think it is normal that a
> user has to accept the certificate once. I may be wrong but I
> thinkl this may be by design.
>
> Boris.

Thanks Boris, but apparently it was not a PEM-encoded certificate grrrrr

Anyway, after I got the right certificate (and I fix some other little things) it works.

So, if anyone is reading this from the archive, ssl-authority-files works just as expected.

Giulio

Re: Accepting SSL certificates

Posted by Boris Epstein <bo...@gmail.com>.

On Thu, Jul 8, 2010 at 5:37 AM, Giulio Troccoli
<Gi...@uk.linedata.com> wrote:
>
> I am trying to set Subversion to use https. I have already acquired a certificate from the company CA and set everything up in Apache.
>
> If if use https the I am asked to accept that the certificate comes from a trusted authority. If I accept it everything works.
>
> So, I have been instructed to download the company certificate and I'm trying to set it as a trusted CA. I have added the following to ~/.subversion/servers
>
> ssl-authority-files = /home/svn/LDS.crt
>
> It's not .pem, but I have been told that it is PEM-encoded. However, if I try with https I get the following error
>
> svn: Invalid config: unable to load certificate file '/home/svn/LDS.crt'
>
> I thought it was a permission issue but the file was readable by everyone, and the user who runs Apache is svn as well so Apache (if involved at all) can read it too.
>
> The server is CentOS 5, SVN is 1.6.9 and Apache is 2.2.13.
>
> Finally, I know I could accept it permanently but eventually I want to set the ssl-authority-files parameter on the system-wide subversion configuration so that all users automatically accept it.
>
> Thanks
> Giulio
>
>
>
>
>
> Linedata Limited
> Registered Office: 85 Gracechurch St., London, EC3V 0AA
> Registered in England and Wales No 3475006 VAT Reg No 710 3140 03
>
>
>
>

Guido,

I remember dealing with it - and I think it is normal that a user has
to accept the certificate once. I may be wrong but I thinkl this may
be by design.

Boris.