On Thu, Mar 08, 2012 at 02:56:10PM -0500, Zachary Burnham wrote:
> Hi. I'm having some trouble with command-line svn on OSX 10.7.3 . The
> problem appears to be that subversion can't find the CA certificates that are
> installed on my system (visible in Keychain Access.) I get the following
> error:
>
> $ svn log
> Error validating server certificate for 'https://<repo>:443':
> - The certificate is not issued by a trusted authority. Use the
> fingerprint to validate the certificate manually!
> Certificate information:
> - Hostname: *.<repo>
> - Valid: from Sun, 12 Feb 2012 02:34:03 GMT until Mon, 15 Apr 2013 19:02:56
> GMT
> - Issuer: GeoTrust, Inc., US
> - Fingerprint: <stuff>
>
> As you can see, the dates are OK, and the CA is valid. Going to the same url
> in Safari and Firefox gives a valid SSL connection.
>
> Does anyone have any suggestions?
I had the same problem, and came up with the following solution:
1) go into KeyChain Access and find the root certificate that you need
2) select and ctrl-click for the submenu and choose: Export "foo" ...
3) switch the file format to "Privacy Enhance Mail (.pem)"
4) save the result into /Users/whatever/.subversion
5) edit /Users/whatever/.subversion/servers:
ssl-authority-files = /Users/whatever/.subversion/foo.pem
Note that if you need multiple CAs, then use the following format:
ss-authority-files =
/Users/whatever/.subversion/first.pem;/Users/whatever/.subversion/second.pem
It is important that there are no spaces around the ";" and that it
resides on a single line.
Hope that helps,
-g
