Ok, then I'm out of ideas. Maybe someone else still has some suggestions? Johan
On Wed, Apr 27, 2011 at 1:12 PM, Platz, Steve <steve_pl...@lord.com> wrote: > Same thing there as well. > > -----Original Message----- > From: Johan Corveleyn [mailto:jcor...@gmail.com] > Sent: Tuesday, April 26, 2011 4:15 PM > To: Platz, Steve > Cc: users@subversion.apache.org > Subject: Re: Windows SSL Error > > And what about the system-wide file then? /etc/subversion/servers? > > On Tue, Apr 26, 2011 at 9:53 PM, Platz, Steve <steve_pl...@lord.com> wrote: >> For those Linux servers that I've tried this on, the ~/.subversion/servers >> file is the default one that is created with a brand new install. There are >> no entries under [global] or [groups]. >> >> -----Original Message----- >> From: Johan Corveleyn [mailto:jcor...@gmail.com] >> Sent: Tuesday, April 26, 2011 3:49 PM >> To: Platz, Steve >> Cc: users@subversion.apache.org >> Subject: Re: Windows SSL Error >> >> On Tue, Apr 26, 2011 at 6:06 PM, Platz, Steve <steve_pl...@lord.com> wrote: >>> Our Entrust SSL certificate recently expired and was replaced with a >>> new one utilizing a certificate chain. Since installing the new >>> certificate, access to a front-end website using this same certificate has >>> been unaffected. >>> However, we're now seeing issues when we attempt to check >>> out/update/browse/etc the repository using Windows (XP/7). In >>> Windows, using version 1.6.16, I'm getting the following error: >>> >>> >>> >>> C:\Users\steve_platz>svn info >>> https://path/to/repository >>> >>> Error validating server certificate for 'https://path/to/repository:443': >>> >>> - The certificate is not issued by a trusted authority. Use the >>> fingerprint to validate the certificate manually! >>> >>> Certificate information: >>> >>> - Hostname: my.website.com >>> >>> - Valid: from Mon, 18 Apr 2011 18:52:34 GMT until Fri, >>> 05 Jun >>> 2015 23:15:02 GMT >>> >>> >>> >>> - Issuer: (c) 2009 Entrust, Inc., www.entrust.net/rpa >>> is incorporated by reference, Entrust, Inc., US >>> >>> - Fingerprint: >>> 96:b4:fa:19:bd:4a:ec:c2:bc:19:33:b8:25:2a:0a:47:28:41:07:d0 >>> >>> (R)eject, accept (t)emporarily or accept (p)ermanently? T >>> >>> >>> >>> Running the above (svn info) from a Linux machine works as you would >>> expect it to, without certificate errors. Is this a bug with the >>> Windows client or have I set something up incorrectly? >> >> Just guessing, but maybe the Linux machine (only your account, or >> system-wide) has been configured to trust the Issuer's certificate as a >> trusted certificate authority (thus automatically trusting every certificate >> issued by that CA), and your Windows machine hasn't. >> >> This can be configured on the client side, with the property >> ssl-authority-files >> - For the user in ~/.subversion/servers >> - System-wide in /etc/subversion/servers >> >> See for more info: >> http://svnbook.red-bean.com/nightly/en/svn.advanced.confarea.html#svn. >> advanced.confarea.opts.servers >> >> You can do the same on Windows (also system-wide, I think that only works >> via the Registry, but see the book for more details). >> >> HTH, >> -- >> Johan >> > > > > -- > Johan > -- Johan
