Return-Path: 
 <users-return-7247-apmail-continuum-users-archive=continuum.apache.org@continuum.apache.org>
Delivered-To: apmail-continuum-users-archive@www.apache.org
Received: (qmail 85400 invoked from network); 8 Nov 2008 18:04:27 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 8 Nov 2008 18:04:27 -0000
Received: (qmail 40387 invoked by uid 500); 8 Nov 2008 18:04:32 -0000
Delivered-To: apmail-continuum-users-archive@continuum.apache.org
Received: (qmail 40354 invoked by uid 500); 8 Nov 2008 18:04:32 -0000
Mailing-List: contact users-help@continuum.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@continuum.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@continuum.apache.org>
List-Post: <mailto:users@continuum.apache.org>
List-Id: <users.continuum.apache.org>
Reply-To: users@continuum.apache.org
Delivered-To: mailing list users@continuum.apache.org
Delivered-To: moderator for users@continuum.apache.org
Received: (qmail 69785 invoked by uid 99); 7 Nov 2008 20:15:26 -0000
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
X-ME-UUID: 20081107201442760.B98777000081@mwinf6009.online.nl
Message-ID: <4914A1B2.8030801@func.nl>
Date: Fri, 07 Nov 2008 21:14:42 +0100
From: Thijs Schnitger <t.schnitger@func.nl>
User-Agent: Thunderbird 2.0.0.17 (Macintosh/20080914)
MIME-Version: 1.0
To: users@continuum.apache.org
Subject: Re: Problem with Subversion and HTTPS Access to Repository
References: <4913348C.5080204@beatport.com> <49140A51.5040407@func.nl>
 <491470DB.5060708@beatport.com>
In-Reply-To: <491470DB.5060708@beatport.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

I appear to have sent you in the wrong direction.
You should indeed let svn know of the CA certificate. This can be done 
in various ways. In my case I added my CAcert to the system defaults in 
/etc/ssl/certs. The svn docs say you need to edit the runtime servers 
file, which can be found in the homedir of the user who runs continuum, 
in ~/.subversion/servers. Edit a parameter called ssl-authority-files.
You may need to restart Continuum.

Hope this helps,

Thijs


Ryan Skorstad wrote:
> I have added my CA to the JVM's keystore using keytool:
> 
> keytool -import -keystore cacerts -file my.ca
> 
> and also:
> 
> keytool -import -keystore cacerts -file my.ca -trustcacerts
> 
> The cafile is located in /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/ which 
> should be the correct location for the JVM that Continuum is using.
> 
> I have verified that the CA is correct by using OpenSSL to connect to my 
> svn repository:
> 
> openssl s_client -CAfile my.ca -connect svn.mydomain.com:443
> 
> It still throws the 'javax.net.ssl.SSLPeerUnverifiedException: peer not 
> authenticated' exception.  Am I using the wrong keystore?  This is the 
> only one on the machine.
> 
> -Ryan
> 
> 
> Thijs Schnitger wrote:
>> Ryan Skorstad wrote:
>>
>>> Is there a way to get my Continuum to trust my CA?
>>>
>>
>> Add the certificate of your CA to the cacerts file of your JRE, using 
>> keytool.
>>
> 
>