And what about the system-wide file then? /etc/subversion/servers? On Tue, Apr 26, 2011 at 9:53 PM, Platz, Steve <steve_pl...@lord.com> wrote: > For those Linux servers that I've tried this on, the ~/.subversion/servers > file is the default one that is created with a brand new install. There are > no entries under [global] or [groups]. > > -----Original Message----- > From: Johan Corveleyn [mailto:jcor...@gmail.com] > Sent: Tuesday, April 26, 2011 3:49 PM > To: Platz, Steve > Cc: users@subversion.apache.org > Subject: Re: Windows SSL Error > > On Tue, Apr 26, 2011 at 6:06 PM, Platz, Steve <steve_pl...@lord.com> wrote: >> Our Entrust SSL certificate recently expired and was replaced with a >> new one utilizing a certificate chain. Since installing the new >> certificate, access to a front-end website using this same certificate has >> been unaffected. >> However, we're now seeing issues when we attempt to check >> out/update/browse/etc the repository using Windows (XP/7). In Windows, >> using version 1.6.16, I'm getting the following error: >> >> >> >> C:\Users\steve_platz>svn info >> https://path/to/repository >> >> Error validating server certificate for 'https://path/to/repository:443': >> >> - The certificate is not issued by a trusted authority. Use the >> fingerprint to validate the certificate manually! >> >> Certificate information: >> >> - Hostname: my.website.com >> >> - Valid: from Mon, 18 Apr 2011 18:52:34 GMT until Fri, >> 05 Jun >> 2015 23:15:02 GMT >> >> >> >> - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa >> is incorporated by reference, Entrust, Inc., US >> >> - Fingerprint: >> 96:b4:fa:19:bd:4a:ec:c2:bc:19:33:b8:25:2a:0a:47:28:41:07:d0 >> >> (R)eject, accept (t)emporarily or accept (p)ermanently? T >> >> >> >> Running the above (svn info) from a Linux machine works as you would >> expect it to, without certificate errors. Is this a bug with the >> Windows client or have I set something up incorrectly? > > Just guessing, but maybe the Linux machine (only your account, or > system-wide) has been configured to trust the Issuer's certificate as a > trusted certificate authority (thus automatically trusting every certificate > issued by that CA), and your Windows machine hasn't. > > This can be configured on the client side, with the property > ssl-authority-files > - For the user in ~/.subversion/servers > - System-wide in /etc/subversion/servers > > See for more info: > http://svnbook.red-bean.com/nightly/en/svn.advanced.confarea.html#svn.advanced.confarea.opts.servers > > You can do the same on Windows (also system-wide, I think that only works via > the Registry, but see the book for more details). > > HTH, > -- > Johan >
-- Johan
