Making SVN trust a new root CA certificate
If you’re using Subversion to connect to an HTTPS repository that’s signed by a non-standard root certificate — such as a CACert.org certificate, for example — here’s how to do it on Linux or OS X. (Windows users: sorry, you’re out of luck. I haven’t developed on Windows since 1999, and I don’t ever want to go back. So the only way this post will ever be updated with Windows instructions is if someone else figures out how to do it and leaves a comment.)
- First, download the certificate you’re interested in, e.g. “wget http://www.cacert.org/certs/class1.crt”. I suggest storing it in /etc/ssl/certs with an appropriate name, such as “cacert-root-ca.crt”. You’ll need to have root privileges (use “sudo”) to get write access to the /etc/ssl/certs directory.
- Run “openssl md5 /etc/ssl/certs/cacert-root-ca.crt” and/or “openssl sha1 /etc/ssl/certs/cacert-root-ca.crt” and compare the results against the certificate fingerprint given on the website. The website you’re downloading this certificate from does give you its MD5 and/or SHA1 fingerprints, right? (If not, what the heck are you doing trusting a certificate you haven’t verified?!?)
- Run “openssl x509 -text -in /etc/ssl/certs/cacert-root-ca.crt” to verify that the certificate’s data (company name and so on) looks correct.
- If the above fails, add “-inform der” to the command above: maybe you accidentally downloaded the DER-encoded certificate instead of the PEM-encoded certificate.
- If you have the DER version, you’ll need to convert it to PEM. Run “sudo openssl x509 -inform der -outform pem -in /etc/ssl/certs/cacert-root-ca.crt -out /etc/ssl/certs/cacert-root-ca.pem”. Note the “sudo” in front of that command: you’re writing to the /etc/ssl/certs directory, so you need to be root.
- Now that you’ve got a certificate in PEM format and verified it, it’s time to edit your “~/.subversion/servers” file. In the “[globals]” section, add the line “ssl-authority-files = /etc/ssl/certs/cacert-root-ca.crt”. The “ssl-authority-files” option is a colon-delimited list, so if you already have something there and are adding the second certificate to it, use a colon to separate the two paths. If you’re adding a third certificate to the list, then you should already see the colon and be able to figure it out. :-)
I mostly figured this out from the “SSL Certificate Management” section of the Subversion book. Which I highly recommend reading, BTW.
I hope this helps someone else spend a little less time on Google figuring out how to trust a new root CA.
canada goose jakke are recognized getting a brand name that many stars and renowned people most similar.B3&8(uu》
This article gives the light in which we can observe the reality This is a really good read for me. its really very good post. Thanks for posting this informative article.caiyifang/comment201112
This article gives the light in which we can observe the reality This is a really good read for me. its really very good post. Thanks for posting this informative article.caiyifang/comment201112 Men UGG Boots
Kids UGG Boots
Thank you for sharing your stuff on blog.Women’s Jackets It is doubtless that we have similar interests. Canada Goose Women Something are very helpful to me.
womens canada goose jackets makes up necessitated because United States government fashionable the approaching daytimes. Leastways, canada goose will enable us to better welcome this December, the winter that has already arrived.What the world can give you is always beyond what runs wild in your mind. In this winter, canada goose jackets for women is quite suit people.B3&8(uu》
wow.. I used to be searching for this and at last acquired it from this post. Thanks for making it easier.
I have visited your blog several time. Your blogging is very helpful and useful. This is another one of this type. Your research for this post is appreciable. I am happy again to read your post .
Hi there, I found your blog via Google while searching something and your post looks very entertaining for me. Great page you are running there. And many thanks for posting this.caiyifang/comment201201
I found this is very useful and interesting blog.I noticed more suggestive information on your blog.Its really great for your creative thinking.Thanks for sharing.caiyifang/comment201201
Hi there, I found your blog via Google while searching something and your post looks very entertaining for me. Great page you are running there. And many thanks for posting this.caiyifang/comment201201Moncler Jackets For Kids
Moncler Jackets For Men
new era hats
new era hats
Hsieh Wang also pointed out that Christian Louboutin Very Prive Platform Pumps Black the PRD is slightly Some companies are reluctant Christian Louboutin Very Prive Shine Leather Shoe Black to primitive accumulation in the industry, and turn to real estate investment or set up a fund company, to do private equity or venture capital. There are some companies adopt the way of overseas migration, the transfer of money abroad, through Miss Corset Lace_Up Ankle Boot Black the acquisition of assets to be developed.
Great post. Thanks for sharing..caiyifang/comment201201
But the bird was almost out of sight now and nothing showed on the surface of the water but some patches of yellow, sun-bleached Sargasso weed and the purple, formalized, iridescent, gelatinous bladder of a Portuguese man-of-war floa hogan outlet ting close beside t juicy couture outlet he boat. It turned on its side and then righted itself. It floated cheerfully as Tresor Paris a bubble with its long deadly purple filaments trailing a yard behind it in the water.
I’ll be back soon on your site again so please continue sharing your great tips.
I like to shop the Abercrombie and Fitch Hoodies from Abercrombie and Fitch outlet store.The Abercrombie and Fitch clothes have the best quality and design.The Abercrombie and Fitch Sweatpants suit for everyone to wear.
Your research for this post is appreciable. Valentine’s day Wallpaper
Really intelligent piece of writing buddy, keep it up and I will keep tweeting your blog posts for you so you can get the readers you deserve!
Really i like your post,excellent explanation about this particular topic.
Tie bar there are womens shoes several methods, principles are: the greater the angle of the shirt collar, tie ligation was greater; angle more pointed collar, tie ligation as small; tie moderation, and the corresponding tie knot also strike a moderate. Tied the tie, not jimmy choo handbags to exceed the length of the belt is better. If you wear three-piece installation, to tie into the vest. The next twelve years, the slender tie to the main play, looks slender, gentle, well adapted to retro.slender, gentle, well adapted to retro.
When wearing dress christian louboutin espadrilles wedges shoes, can not wear athletic socks, and wear wool socks or stockings. The color of socks in black, dark gray better, taboo light, do christian louboutin not spend whistle. And stockings should be of high elasticity is better, so sit down, exposing a length unsightly legs. Each pair of shoes do not wear more than 3 days straight, often changing his shoes, both beneficial Ffoot louboutin womens care, shoes and avoid distortion, you can always have a new feeling.