Accepting SSL certificates
I am trying to set Subversion to use https. I have already acquired a certificate from the company CA and set everything up in Apache. If if use https the I am asked to accept that the certificate comes from a trusted authority. If I accept it everything works. So, I have been instructed to download the company certificate and I'm trying to set it as a trusted CA. I have added the following to ~/.subversion/servers ssl-authority-files = /home/svn/LDS.crt It's not .pem, but I have been told that it is PEM-encoded. However, if I try with https I get the following error svn: Invalid config: unable to load certificate file '/home/svn/LDS.crt' I thought it was a permission issue but the file was readable by everyone, and the user who runs Apache is svn as well so Apache (if involved at all) can read it too. The server is CentOS 5, SVN is 1.6.9 and Apache is 2.2.13. Finally, I know I could accept it permanently but eventually I want to set the ssl-authority-files parameter on the system-wide subversion configuration so that all users automatically accept it. Thanks Giulio Linedata Limited Registered Office: 85 Gracechurch St., London, EC3V 0AA Registered in England and Wales No 3475006 VAT Reg No 710 3140 03
Re: Accepting SSL certificates
On Thu, Jul 8, 2010 at 5:37 AM, Giulio Troccoli wrote: > > I am trying to set Subversion to use https. I have already acquired a > certificate from the company CA and set everything up in Apache. > > If if use https the I am asked to accept that the certificate comes from a > trusted authority. If I accept it everything works. > > So, I have been instructed to download the company certificate and I'm trying > to set it as a trusted CA. I have added the following to ~/.subversion/servers > > ssl-authority-files = /home/svn/LDS.crt > > It's not .pem, but I have been told that it is PEM-encoded. However, if I try > with https I get the following error > > svn: Invalid config: unable to load certificate file '/home/svn/LDS.crt' > > I thought it was a permission issue but the file was readable by everyone, > and the user who runs Apache is svn as well so Apache (if involved at all) > can read it too. > > The server is CentOS 5, SVN is 1.6.9 and Apache is 2.2.13. > > Finally, I know I could accept it permanently but eventually I want to set > the ssl-authority-files parameter on the system-wide subversion configuration > so that all users automatically accept it. > > Thanks > Giulio > > > > > > Linedata Limited > Registered Office: 85 Gracechurch St., London, EC3V 0AA > Registered in England and Wales No 3475006 VAT Reg No 710 3140 03 > > > > Guido, I remember dealing with it - and I think it is normal that a user has to accept the certificate once. I may be wrong but I thinkl this may be by design. Boris.
RE: Accepting SSL certificates
> Linedata Limited Registered Office: 85 Gracechurch St., London, EC3V 0AA Registered in England and Wales No 3475006 VAT Reg No 710 3140 03 -Original Message- > From: Boris Epstein [mailto:borepst...@gmail.com] > Sent: 08 July 2010 13:28 > To: Giulio Troccoli > Cc: users@subversion.apache.org > Subject: Re: Accepting SSL certificates > > On Thu, Jul 8, 2010 at 5:37 AM, Giulio Troccoli > wrote: > > > > I am trying to set Subversion to use https. I have already > acquired a certificate from the company CA and set everything > up in Apache. > > > > If if use https the I am asked to accept that the > certificate comes from a trusted authority. If I accept it > everything works. > > > > So, I have been instructed to download the company > certificate and I'm > > trying to set it as a trusted CA. I have added the following to > > ~/.subversion/servers > > > > ssl-authority-files = /home/svn/LDS.crt > > > > It's not .pem, but I have been told that it is PEM-encoded. > However, > > if I try with https I get the following error > > > > svn: Invalid config: unable to load certificate file > '/home/svn/LDS.crt' > > > > I thought it was a permission issue but the file was > readable by everyone, and the user who runs Apache is svn as > well so Apache (if involved at all) can read it too. > > > > The server is CentOS 5, SVN is 1.6.9 and Apache is 2.2.13. > > > > Finally, I know I could accept it permanently but > eventually I want to set the ssl-authority-files parameter on > the system-wide subversion configuration so that all users > automatically accept it. > > > > Thanks > > Giulio > > I remember dealing with it - and I think it is normal that a > user has to accept the certificate once. I may be wrong but I > thinkl this may be by design. > > Boris. Thanks Boris, but apparently it was not a PEM-encoded certificate gr Anyway, after I got the right certificate (and I fix some other little things) it works. So, if anyone is reading this from the archive, ssl-authority-files works just as expected. Giulio
