Login | Register
My pages Projects Community openCollabNet

Discussions > users [DISABLED] > new cert, "Error validating server certificate"

subversion
Discussion topic

Back to topic list

new cert, "Error validating server certificate"

Author Bryan M <vanillaxtrakt at gmail dot com>
Full name Bryan M <vanillaxtrakt at gmail dot com>
Date 2009-11-10 11:48:45 PST
Message We have an svn server with https access via apache, dav_svn_module, and
authz_svn_module. We just got a new cert from Verisign, and installed it.
Now, when I try to update my local repository (using svn command line client
in Ubuntu), I get this error (I've replaced our domain with example.com):

Error validating server certificate for 'https://svn.example.com:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: *.example.com
 - Valid: from Thu, 05 Nov 2009 00:00:00 GMT until Thu, 11 Nov 2010 23:59:59
GMT
 - Issuer: Terms of use at https://www.verisign.com/rpa (c)09, VeriSign
Trust Network, VeriSign, Inc., US
 - Fingerprint: [removed]
(R)eject, accept (t)emporarily or accept (p)ermanently? ^Csvn: OPTIONS of '
https://svn.example.​com/svn/software/tru​nk': Server certificate verification
failed: issuer is not trusted (https://svn.example.com)

Why would it be giving me this prompt? The certificate is signed by
Verisign, and I updated the cert as well as the ca/intermediate cert on the
server. I don't recall getting this error before with our previous cert.
Using the openssl tool returns the cert as being valid:

$ openssl s_client -connect svn.example.com:443 | grep 'return code'
depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use
only/OU=VeriSign Trust Network
verify return:1
depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
verify return:1
depth=0 [removed]
verify return:1
    Verify return code: 0 (ok)

This is a client issue, and not a server issue, right? If so, then why
didn't it complain when we were using our previous cert? I thought maybe I
needed to install the intermediate cert somewhere on the client, but the
intermediate CA cert for the old cert isn't on the client, and since it's
connecting through Apache, which has both certs installed, I don't
understand why it wouldn't validate the cert fine. I think I'm just
confusing myself...
Attachments

« Previous message in topic | 1 of 1 | Next message in topic »

Messages

Show all messages in topic

new cert, "Error validating server certificate" Bryan M <vanillaxtrakt at gmail dot com> Bryan M <vanillaxtrakt at gmail dot com> 2009-11-10 11:48:45 PST
Messages per page: