Server certificate verification failed

Help
2008-02-25
2013-06-03
  • the_silver_fox
    the_silver_fox
    2008-02-25

    Hi,

    When trying to create a topic I get the following error :
    Problem generating topic text:

    svn: PROPFIND request failed on '/svn/<repName>/branches/<modName>'
    svn: PROPFIND of '/svn/<repName>/branches/<modName>': Server certificate verification failed: issuer is not trusted (https://<serverName>:8443)

    I am using version 1.9.4

    here is the repository entry from the codestriker.props

    @valid_repositories =
        (
         # Subversion server with authentication.  The user name and
         # password should be added to the end and separated by
         # semicolons.
         'svn:https://<servername>:8443/svn/<repName>;codestriker;passw0rd',
         'svn:https://<servername>:8443/svn/<repName>;codestriker;passw0rd',
        );

    I am successfully able to log in as codestriker/passw0rd and view the repository and check code out using subclipse and tortoisesvn.  I have also accepted the certificate as requested permanently.

    I am deploying codestriker on apache 2.2
    Subversion is the windows based VisualSVN Server
    Bugzilla is integrated with subversion using scmbug and all is working well.

    many thanks for any help or suggestions

     
    • rob_webset
      rob_webset
      2008-02-25

      Check the user that you are running apache/IIS as, make sure that user has accepted the certificate.

      We run with https (apache) and it does work OK.

      Hope this helps

      Rob

       
    • the_silver_fox
      the_silver_fox
      2008-02-25

      Is that the default apache username ? - is the password the same ?

      many thanks

       
      • rob_webset
        rob_webset
        2008-02-25

        If running on windows it's the user that starts the service.

        Easiest check is to log on as a user and then manually run apache.exe (i.e. stop the service, and then just run the executable) and run your test again. (UNIX should be able to be tested in a similar manner).

        Rob

         
    • the_silver_fox
      the_silver_fox
      2008-02-25

      Ok - thanks for the info so far, but that does not seem to have made a difference.

      I stopped the apache process and restarted it logged in as myself. I have verified that I am the user that started the httpd.exe process (I can see this thorugh a process explorer)

      I still however get the same error message

      in the repos definitions should I specify the username and password ?
      e.g
      @valid_repositories =
      (
      # Subversion server with authentication. The user name and
      # password should be added to the end and separated by
      # semicolons.
      'svn:https://<servername>:8443/svn/<repName>;codestriker;passw0rd',
      'svn:https://<servername>:8443/svn/<repName>;codestriker;passw0rd',
      );

      incidently I have tried with and without un / pwd but it made no difference (other than updating  the topic creation screen)

      any other suggestions ?

       
    • the_silver_fox
      the_silver_fox
      2008-02-25

      could it possibly be getting confused by domain ?

       
      • rob_webset
        rob_webset
        2008-02-25

        You'll need to make sure the https//............... domain path in the codestriker conf file matches that which your user has already accepted the certificate from - yes

         
    • the_silver_fox
      the_silver_fox
      2008-02-25

      ah ha success.....!!! - Many thanks

      turned out it was the server name

      I was importing the certificate using localhost as the servername - when I changed this to the fully qualified servername i.e server.name.org.com everything worked a treat

      to force an import from the command line for the specified user I did an svn list and permanently accepted the certificate.

      again, respect due for the assistance - much appreciated.

       
    • the_silver_fox
      the_silver_fox
      2008-02-25

      One othe thing I will mention is that with the certificate imported the username and password are no longer required in the repository definition in codestriker.conf