RE: Windows SSL Error
That was one of my first thoughts as well. I checked my root certificate store and the Entrust certificate that seems to be having problems is in there. Steve -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Friday, April 29, 2011 5:25 PM To: Platz, Steve Cc: users@subversion.apache.org Subject: Re: Windows SSL Error 2011/4/26 Platz, Steve : > Our Entrust SSL certificate recently expired and was replaced with a > new one utilizing a certificate chain. Since installing the new > certificate, access to a front-end website using this same certificate has > been unaffected. > However, we're now seeing issues when we attempt to check > out/update/browse/etc the repository using Windows (XP/7). In Windows, > using version 1.6.16, I'm getting the following error: > > > > C:\Users\steve_platz>svn info > https://path/to/repository > > Error validating server certificate for 'https://path/to/repository:443': > > - The certificate is not issued by a trusted authority. Use the > fingerprint to validate the certificate manually! > I think that it uses OS libraries to check the certificates. When you go to the Microsoft's Windows update site, among the "not important" updates there exists the "update root certificates" update. Maybe it will help you. Quick googling leads to this page: http://support.microsoft.com/kb/931125/en-us Best regards, Konstantin Kolinko
Error validating server certificate
$ svn info https://svn.macosforge.org/repository/macports Error validating server certificate for 'https://svn.macosforge.org:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: *.macosforge.org - Valid: from Thu, 28 Apr 2011 22:45:15 GMT until Sat, 31 May 2014 10:51:08 GMT - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa is incorporated by reference, Entrust, Inc., US - Fingerprint: bf:77:a4:84:d4:3e:0c:55:28:3d:2a:37:bc:8a:47:39:76:73:b7:02 (R)eject, accept (t)emporarily or accept (p)ermanently? I am running Subversion 1.6.17 as installed by MacPorts 1.9.2 on Mac OS X 10.6.7. What do I have to do to get Subversion to recognize that the certificate we are using for Mac OS Forge *is* issued by a trusted authority? I want a solution that does not involve every MacPorts contributor having to see this message and press "p"; I want a solution that does not involve anyone seeing this message at all. Do I have to somehow provide Subversion with a bundle of well-known trusted certificates? MacPorts includes the port curl-ca-bundle which installs a bundle of certs from Mozilla, and is used by the curl port to be able to access https sites. Can Subversion make use of that same bundle?
Re: Error validating server certificate
On Mon, May 2, 2011 at 4:03 PM, Ryan Schmidt wrote: > $ svn info https://svn.macosforge.org/repository/macports > Error validating server certificate for 'https://svn.macosforge.org:443': > - The certificate is not issued by a trusted authority. Use the > fingerprint to validate the certificate manually! > Certificate information: > - Hostname: *.macosforge.org > - Valid: from Thu, 28 Apr 2011 22:45:15 GMT until Sat, 31 May 2014 10:51:08 > GMT > - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa is incorporated by > reference, Entrust, Inc., US > - Fingerprint: bf:77:a4:84:d4:3e:0c:55:28:3d:2a:37:bc:8a:47:39:76:73:b7:02 > (R)eject, accept (t)emporarily or accept (p)ermanently? > > > I am running Subversion 1.6.17 as installed by MacPorts 1.9.2 on Mac OS X > 10.6.7. What do I have to do to get Subversion to recognize that the > certificate we are using for Mac OS Forge *is* issued by a trusted authority? > I want a solution that does not involve every MacPorts contributor having to > see this message and press "p"; I want a solution that does not involve > anyone seeing this message at all. > > Do I have to somehow provide Subversion with a bundle of well-known trusted > certificates? MacPorts includes the port curl-ca-bundle which installs a > bundle of certs from Mozilla, and is used by the curl port to be able to > access https sites. Can Subversion make use of that same bundle? I use the binaries that Jeremy Whitlock provides and which you can download at CollabNet. This is what I get: $ svn info https://svn.macosforge.org/repository/macports Path: macports URL: https://svn.macosforge.org/repository/macports Repository Root: https://svn.macosforge.org/repository/macports Repository UUID: d073be05-634f-4543-b044-5fe20cf6d1d6 Revision: 78307 Node Kind: directory Last Changed Author: gwri...@macports.org Last Changed Rev: 78307 Last Changed Date: 2011-05-02 15:33:44 -0400 (Mon, 02 May 2011) His binaries use the OpenSSL that comes from Apple and that might be the difference? For MacPorts, I would think it would depend upon what is in: /opt/local/etc/openssl -- Thanks Mark Phippard http://markphip.blogspot.com/
Re: Error validating server certificate
Ryan Schmidt wrote on Mon, May 02, 2011 at 15:03:31 -0500: > $ svn info https://svn.macosforge.org/repository/macports > Error validating server certificate for 'https://svn.macosforge.org:443': > - The certificate is not issued by a trusted authority. Use the >fingerprint to validate the certificate manually! > Certificate information: > - Hostname: *.macosforge.org > - Valid: from Thu, 28 Apr 2011 22:45:15 GMT until Sat, 31 May 2014 10:51:08 > GMT > - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa is incorporated by > reference, Entrust, Inc., US > - Fingerprint: bf:77:a4:84:d4:3e:0c:55:28:3d:2a:37:bc:8a:47:39:76:73:b7:02 > (R)eject, accept (t)emporarily or accept (p)ermanently? > > > I am running Subversion 1.6.17 No, you don't. It hasn't been released yet. You *might* be running a "Subversion 1.6.17 (dev build)" --- i.e., 1.6.16 plus patches. It might say "1.6.17 (under development)" later if a certain backport proposal (in STATUS) is approved.
Re: Error validating server certificate
On Mon, May 2, 2011 at 4:34 PM, Daniel Shahaf wrote: > Ryan Schmidt wrote on Mon, May 02, 2011 at 15:03:31 -0500: >> $ svn info https://svn.macosforge.org/repository/macports >> Error validating server certificate for 'https://svn.macosforge.org:443': >> - The certificate is not issued by a trusted authority. Use the >> fingerprint to validate the certificate manually! >> Certificate information: >> - Hostname: *.macosforge.org >> - Valid: from Thu, 28 Apr 2011 22:45:15 GMT until Sat, 31 May 2014 10:51:08 >> GMT >> - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa is incorporated by >> reference, Entrust, Inc., US >> - Fingerprint: bf:77:a4:84:d4:3e:0c:55:28:3d:2a:37:bc:8a:47:39:76:73:b7:02 >> (R)eject, accept (t)emporarily or accept (p)ermanently? >> >> >> I am running Subversion 1.6.17 > > No, you don't. It hasn't been released yet. I just assumed it is a typo. -- Thanks Mark Phippard http://markphip.blogspot.com/
