Comments on: Making SVN trust a new root CA certificate http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/ The ramblings of a Christian geek Tue, 18 Nov 2008 15:19:07 +0000 http://wordpress.org/?v=2.0.4 by: Norbert Wenzel http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-13579 Wed, 13 Aug 2008 10:06:45 +0000 http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-13579 Hmm, seems like TSVN 1.5 uses the Windows Trusted Servers. At least it accepted my self-signed cert, which is added to WinXP as trusted certification authority. Hmm, seems like TSVN 1.5 uses the Windows Trusted Servers. At least it accepted my self-signed cert, which is added to WinXP as trusted certification authority.

]]> by: David Davies http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-8534 Fri, 25 Jan 2008 18:29:09 +0000 http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-8534 A more elegant approach than what I wrote above is to adapt the original article. First, you can get a DER-encoded version of the certificate from Internet Explorer. Just visit the repository in Internet Explorer (https://server/svn) and double-click on the lock icon. Click on the Details tab and then click the Copy to File button. Choose the first option, which should be to use the DER encoded binary X.509 format. Once you have exported this file, you can start at the second-to-last bullet in the original instructions above. You'll need the openssl executable, but that's not hard to find, and is probably already installed on the server where you're running Apache with Subversion. On Windows, the "servers" file mentioned in the last bullet is located at %ALLUSERSPROFILE%\Application Data\Subversion if you want it to work for all users on the system. (If you only want the certificate to be installed for a particular user, you can modify the "servers" file at a parallel location in that user's profile.) I found that using quotes in the path for my ssl-authority-files did not work, so you may want to omit them. A more elegant approach than what I wrote above is to adapt the original article.

First, you can get a DER-encoded version of the certificate from Internet Explorer. Just visit the repository in Internet Explorer (https://server/svn) and double-click on the lock icon. Click on the Details tab and then click the Copy to File button. Choose the first option, which should be to use the DER encoded binary X.509 format.

Once you have exported this file, you can start at the second-to-last bullet in the original instructions above. You’ll need the openssl executable, but that’s not hard to find, and is probably already installed on the server where you’re running Apache with Subversion.

On Windows, the “servers” file mentioned in the last bullet is located at %ALLUSERSPROFILE%\Application Data\Subversion if you want it to work for all users on the system. (If you only want the certificate to be installed for a particular user, you can modify the “servers” file at a parallel location in that user’s profile.)

I found that using quotes in the path for my ssl-authority-files did not work, so you may want to omit them.

]]> by: David Davies http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-8510 Thu, 24 Jan 2008 20:29:59 +0000 http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-8510 On Windows, the SSL certificates are stored in the following directory: %USERPROFILE%\Application Data\Subversion\auth\svn.ssl.server When you accept the certificate on one machine, a file is created a file in this folder. That file contains the necessary key. Copy that file to the corresponding directories for other profiles (and on other systems), and Subversion and TortoiseSVN will already trust the certificate. On Windows, the SSL certificates are stored in the following directory:

%USERPROFILE%\Application Data\Subversion\auth\svn.ssl.server

When you accept the certificate on one machine, a file is created a file in this folder. That file contains the necessary key. Copy that file to the corresponding directories for other profiles (and on other systems), and Subversion and TortoiseSVN will already trust the certificate.

]]> by: Robin Munn http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-3211 Mon, 09 Apr 2007 00:09:31 +0000 http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-3211 <a href="http://groups.google.com/group/comp.security.misc/browse_frm/thread/9608242f85f2fc8c/5ad8584abf9abdb6?lnk=gst&q=crt+cer&rnum=1#5ad8584abf9abdb6" rel="nofollow">This thread</a> from the comp.security.misc newsgroup says that .crt is the ASCII-encoded form of .cer -- so I think the instructions would be pretty much unchanged for a .cer file. I see no options to the "openssl x509" command that would tell it to expect a text-encoded and/or binary file, so I'm guessing it works with both. Let me know if you try it out and something doesn't work. This thread from the comp.security.misc newsgroup says that .crt is the ASCII-encoded form of .cer — so I think the instructions would be pretty much unchanged for a .cer file. I see no options to the “openssl x509″ command that would tell it to expect a text-encoded and/or binary file, so I’m guessing it works with both.

Let me know if you try it out and something doesn’t work.

]]> by: Ben Little http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-3189 Fri, 06 Apr 2007 17:10:20 +0000 http://www.geekforgod.com/2006/12/01/making-svn-trust-a-new-root-ca-certificate/#comment-3189 Hi there, CaCert.org no longer has a crt file available, they have a cer file. Can I perform this same process with the .cer file? Thanks Hi there,

CaCert.org no longer has a crt file available, they have a cer file. Can I perform this same process with the .cer file?

Thanks

]]>