You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2014/02/21 16:59:43 UTC
ASF svn server certficate + svn client
All,
I just tried to do an 'svn up' for tcnative and I got this response:
$ svn up
Updating '.':
Error validating server certificate for 'https://svn.apache.org:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
Certificate information:
- Hostname: *.apache.org
- Valid: from Feb 7 00:00:00 2014 GMT until Apr 7 23:59:59 2016 GMT
- Issuer: Thawte, Inc., US
- Fingerprint: DD:73:02:E6:4F:9E:FC:48:82:CC:61:68:F6:98:F0:AA:66:43:84:78
(R)eject, accept (t)emporarily or accept (p)ermanently?
Is this just a problem with Subversion? I notice that the cert is a
wildcard cert but the error is about the CA. Am I missing something?
I use brew to install recent svn versions onto Mac OS X Mavericks, and I
made sure I was using the latest svn version available via brew. Firefox
seems happy, so I suspect it's just a missing CA intermediate
certificate or something.
Any suggestions?
Thanks,
-chris
Re: ASF svn server certficate + svn client
Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-02-21 23:06 GMT+04:00 Konstantin Kolinko <kn...@gmail.com>:
> 2014-02-21 23:01 GMT+04:00 Christopher Schultz <ch...@christopherschultz.net>:
>> Sebb,
>>
>> On 2/21/14, 11:09 AM, sebb wrote:
>>> The certs were changed recently. The new fingerprints should be on the
>>> infra website somewhere.
>>>
>>> A quick search found the outdated details for svn.apache.org:
>>>
>>> http://www.apache.org/dev/version-control.html#cert
>>>
>
> As the above page says,
> "However, Subversion, by default, does not currently ship with a list
> of trusted CAs.".
>
Also ""Error validating server certificate" errors" section further
on that page says how to install the CA certificate. I have not ever
tried that, though.
http://www.apache.org/dev/version-control.html#no-trusted-root-cert
>>> The uptodate list seems to be here:
>>>
>>> http://www.apache.org/dev/machines.html#ssl-keys
>>
>> Yeah, I could see that the cert was new as of a few days ago. I was
>> mostly wondering how to tell my svn client about whatever cert chain (or
>> portion thereof) is missing.
>>
>
> The easy way is to type "p" in that dialog.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: ASF svn server certficate + svn client
Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-02-21 23:01 GMT+04:00 Christopher Schultz <ch...@christopherschultz.net>:
> Sebb,
>
> On 2/21/14, 11:09 AM, sebb wrote:
>> The certs were changed recently. The new fingerprints should be on the
>> infra website somewhere.
>>
>> A quick search found the outdated details for svn.apache.org:
>>
>> http://www.apache.org/dev/version-control.html#cert
>>
As the above page says,
"However, Subversion, by default, does not currently ship with a list
of trusted CAs.".
>> The uptodate list seems to be here:
>>
>> http://www.apache.org/dev/machines.html#ssl-keys
>
> Yeah, I could see that the cert was new as of a few days ago. I was
> mostly wondering how to tell my svn client about whatever cert chain (or
> portion thereof) is missing.
>
The easy way is to type "p" in that dialog.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: ASF svn server certficate + svn client
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Sebb,
On 2/21/14, 11:09 AM, sebb wrote:
> The certs were changed recently. The new fingerprints should be on the
> infra website somewhere.
>
> A quick search found the outdated details for svn.apache.org:
>
> http://www.apache.org/dev/version-control.html#cert
>
> The uptodate list seems to be here:
>
> http://www.apache.org/dev/machines.html#ssl-keys
Yeah, I could see that the cert was new as of a few days ago. I was
mostly wondering how to tell my svn client about whatever cert chain (or
portion thereof) is missing.
-chris
Re: ASF svn server certficate + svn client
Posted by sebb <se...@gmail.com>.
On 21 February 2014 16:09, sebb <se...@gmail.com> wrote:
> The certs were changed recently. The new fingerprints should be on the
> infra website somewhere.
>
> A quick search found the outdated details for svn.apache.org:
>
> http://www.apache.org/dev/version-control.html#cert
I've updated the details.
> The uptodate list seems to be here:
>
> http://www.apache.org/dev/machines.html#ssl-keys
>
>
> On 21 February 2014 15:59, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>> All,
>>
>> I just tried to do an 'svn up' for tcnative and I got this response:
>>
>> $ svn up
>> Updating '.':
>> Error validating server certificate for 'https://svn.apache.org:443':
>> - The certificate is not issued by a trusted authority. Use the
>> fingerprint to validate the certificate manually!
>> Certificate information:
>> - Hostname: *.apache.org
>> - Valid: from Feb 7 00:00:00 2014 GMT until Apr 7 23:59:59 2016 GMT
>> - Issuer: Thawte, Inc., US
>> - Fingerprint: DD:73:02:E6:4F:9E:FC:48:82:CC:61:68:F6:98:F0:AA:66:43:84:78
>> (R)eject, accept (t)emporarily or accept (p)ermanently?
>>
>> Is this just a problem with Subversion? I notice that the cert is a
>> wildcard cert but the error is about the CA. Am I missing something?
>>
>> I use brew to install recent svn versions onto Mac OS X Mavericks, and I
>> made sure I was using the latest svn version available via brew. Firefox
>> seems happy, so I suspect it's just a missing CA intermediate
>> certificate or something.
>>
>> Any suggestions?
>>
>> Thanks,
>> -chris
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: ASF svn server certficate + svn client
Posted by sebb <se...@gmail.com>.
The certs were changed recently. The new fingerprints should be on the
infra website somewhere.
A quick search found the outdated details for svn.apache.org:
http://www.apache.org/dev/version-control.html#cert
The uptodate list seems to be here:
http://www.apache.org/dev/machines.html#ssl-keys
On 21 February 2014 15:59, Christopher Schultz
<ch...@christopherschultz.net> wrote:
> All,
>
> I just tried to do an 'svn up' for tcnative and I got this response:
>
> $ svn up
> Updating '.':
> Error validating server certificate for 'https://svn.apache.org:443':
> - The certificate is not issued by a trusted authority. Use the
> fingerprint to validate the certificate manually!
> Certificate information:
> - Hostname: *.apache.org
> - Valid: from Feb 7 00:00:00 2014 GMT until Apr 7 23:59:59 2016 GMT
> - Issuer: Thawte, Inc., US
> - Fingerprint: DD:73:02:E6:4F:9E:FC:48:82:CC:61:68:F6:98:F0:AA:66:43:84:78
> (R)eject, accept (t)emporarily or accept (p)ermanently?
>
> Is this just a problem with Subversion? I notice that the cert is a
> wildcard cert but the error is about the CA. Am I missing something?
>
> I use brew to install recent svn versions onto Mac OS X Mavericks, and I
> made sure I was using the latest svn version available via brew. Firefox
> seems happy, so I suspect it's just a missing CA intermediate
> certificate or something.
>
> Any suggestions?
>
> Thanks,
> -chris
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org