tags:

views:

32

answers:

1

My Subversion repository is available over HTTPS. I've got a self-signed CA root certificate, and the server uses a certificate signed with that.

The CA root certificate is stored in Trusted Root Certification Authorities, which means that (for example) Internet Explorer recognises it.

AnkhSVN, on the other hand, reports "There are some problems with this server's certificate". So: what is AnkhSVN using as its certificate store? It doesn't appear to be the Windows one. And how do I put my CA root certificate in there?

Update: My website is secured with a certificate named 'www.example.com', the parent certificate is 'ca.example.com', which is self-signed. 'ca.example.com' is in the Trusted Root Authorities store. When I browse to https://www.example.com/svn/, IE shows the padlock icon, and the certification path looks good. When I point AnkhSVN at the same place (by using File / Subversion / Open from Subversion), it brings up the warning message.

The SVN command line doesn't complain.

Note: I haven't tried it with TortoiseSVN yet.

On a hunch that it might be Windows' WebDAV client, I checked with Word. It works fine. The Windows 7 "Add Network Location" feature accepts the certificate, prompts for my credentials and then doesn't work (but that's a known problem with WebDAV over HTTPS in Windows).

A: 

The most likely cause is that your certificate chain does not verify or cannot be checked.

To verify, using IE8:

  • Click the padlock icon to the right of the address bar
  • Click "View Certificates"
  • Go to certification path
  • Check that all certs here report "OK"
Sander Rijken
The certificate chain is fine. At least, it is in IE.
Roger Lipscombe