Self-signed SVN Certificate

tgourley's Avatar

tgourley

07 Apr, 2015 05:15 PM

I have a SVN server setup (using VisualSVN) with a self signed certificate. Most all SVN clients give a warning, but allow for the certificate to be stored/accepted. I am getting an error in my build due to the certificate being self-signed. Is there a way to allow for or bypass this certificate being self-signed?

Thanks,

Trey Gourley

  1. Support Staff 1 Posted by Feodor Fitsner on 07 Apr, 2015 05:23 PM

    Feodor Fitsner's Avatar

    Hi Trey,

    We recently added --non-interactive --trust-server-cert to SVN cloning command. Is there any missing switch/setting to clone from your repo?

  2. 2 Posted by tgourley on 07 Apr, 2015 05:30 PM

    tgourley's Avatar

    I am new to your system (and to the general CI/CD environment.) Where would I set the --non-interactive --trust-server-cert settings? I tried adding it to the "init scripts" in the "Environment" settings tab, but that caused an error.

  3. Support Staff 3 Posted by Feodor Fitsner on 07 Apr, 2015 05:31 PM

    Feodor Fitsner's Avatar

    They are already added to svn checkout command. What do you have in a build log?

  4. 4 Posted by tgourley on 07 Apr, 2015 05:35 PM

    tgourley's Avatar

    Here is the build log...

    Build started
    svn checkout -q "MY_SVN_HOST:PORT/DIR/" "C:\projects\my-project" --non-interactive --trust-server-cert
    svn: E230001: Unable to connect to a repository at URL 'MY_SVN_HOST:PORT/DIR'
    svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
    svn: E230001: Unable to connect to a repository at URL 'MY_SVN_HOST:PORT/DIR'
    svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
    svn: E230001: Unable to connect to a repository at URL 'MY_SVN_HOST:PORT/DIR'
    svn: E230001: Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
    Command exited with code 1

  5. Support Staff 5 Posted by Feodor Fitsner on 07 Apr, 2015 05:48 PM

    Feodor Fitsner's Avatar

    Indeed, --trust-server-cert allows certificates from untrusted authorities, but host verification still takes place. Why wouldn't you just reissue a self-signed certificate for correct host name?

  6. 6 Posted by tgourley on 07 Apr, 2015 05:51 PM

    tgourley's Avatar

    That is plan B. I was just checking to see if there was anything I can do to bypass on this one build. I have a feeling that when I re-issue the certificate, it will restart the warning pop-ups for each of our developers that use this svn.

  7. Support Staff 7 Posted by Feodor Fitsner on 07 Apr, 2015 05:57 PM

    Feodor Fitsner's Avatar

    Other than some googled results suggest running a command and with redirected stdin to accept untrusted certificate, kind of echo p | <some-command-doing-request-to-remote-repo> (I don't know what p does mean though).

  8. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 01:55 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

16 Jul, 2019 06:34 PM
16 Jul, 2019 05:17 PM
16 Jul, 2019 10:17 AM
16 Jul, 2019 07:46 AM
16 Jul, 2019 04:51 AM

 

15 Jul, 2019 06:33 PM
15 Jul, 2019 06:09 PM
15 Jul, 2019 05:53 PM
15 Jul, 2019 05:46 PM
15 Jul, 2019 05:21 PM
15 Jul, 2019 04:29 PM