I appear to have sent you in the wrong direction.
You should indeed let svn know of the CA certificate. This can be done
in various ways. In my case I added my CAcert to the system defaults in
/etc/ssl/certs. The svn docs say you need to edit the runtime servers
file, which can be found in the homedir of the user who runs continuum,
in ~/.subversion/servers. Edit a parameter called ssl-authority-files.
You may need to restart Continuum.
Hope this helps,
Thijs
Ryan Skorstad wrote:
I have added my CA to the JVM's keystore using keytool:
keytool -import -keystore cacerts -file my.ca
and also:
keytool -import -keystore cacerts -file my.ca -trustcacerts
The cafile is located in /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/ which
should be the correct location for the JVM that Continuum is using.
I have verified that the CA is correct by using OpenSSL to connect to my
svn repository:
openssl s_client -CAfile my.ca -connect svn.mydomain.com:443
It still throws the 'javax.net.ssl.SSLPeerUnverifiedException: peer not
authenticated' exception. Am I using the wrong keystore? This is the
only one on the machine.
-Ryan
Thijs Schnitger wrote:
Ryan Skorstad wrote:
Is there a way to get my Continuum to trust my CA?
Add the certificate of your CA to the cacerts file of your JRE, using
keytool.
