Self-signed SVN Certificate
I have a SVN server setup (using VisualSVN) with a self signed certificate. Most all SVN clients give a warning, but allow for the certificate to be stored/accepted. I am getting an error in my build due to the certificate being self-signed. Is there a way to allow for or bypass this certificate being self-signed?
Thanks,
Trey Gourley
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Feodor Fitsner on 07 Apr, 2015 05:23 PM
Hi Trey,
We recently added
--non-interactive --trust-server-certto SVN cloning command. Is there any missing switch/setting to clone from your repo?2 Posted by tgourley on 07 Apr, 2015 05:30 PM
I am new to your system (and to the general CI/CD environment.) Where would I set the --non-interactive --trust-server-cert settings? I tried adding it to the "init scripts" in the "Environment" settings tab, but that caused an error.
Support Staff 3 Posted by Feodor Fitsner on 07 Apr, 2015 05:31 PM
They are already added to
svn checkoutcommand. What do you have in a build log?4 Posted by tgourley on 07 Apr, 2015 05:35 PM
Here is the build log...
Build started
svn checkout -q "MY_SVN_HOST:PORT/DIR/" "C:\projects\my-project" --non-interactive --trust-server-cert
svn: E230001: Unable to connect to a repository at URL 'MY_SVN_HOST:PORT/DIR'
svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
svn: E230001: Unable to connect to a repository at URL 'MY_SVN_HOST:PORT/DIR'
svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
svn: E230001: Unable to connect to a repository at URL 'MY_SVN_HOST:PORT/DIR'
svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
Command exited with code 1
Support Staff 5 Posted by Feodor Fitsner on 07 Apr, 2015 05:48 PM
Indeed,
--trust-server-certallows certificates from untrusted authorities, but host verification still takes place. Why wouldn't you just reissue a self-signed certificate for correct host name?6 Posted by tgourley on 07 Apr, 2015 05:51 PM
That is plan B. I was just checking to see if there was anything I can do to bypass on this one build. I have a feeling that when I re-issue the certificate, it will restart the warning pop-ups for each of our developers that use this svn.
Support Staff 7 Posted by Feodor Fitsner on 07 Apr, 2015 05:57 PM
Other than some googled results suggest running a command and with redirected stdin to accept untrusted certificate, kind of
echo p | <some-command-doing-request-to-remote-repo>(I don't know whatpdoes mean though).Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 01:55 AM.