WebSVN accept untrusted HTTPS certificate
I am using websvn with a remote repository. This repository uses https protocol. After having configured websvn I get on the websvn webpage:
svn --non-interactive --config-dir /tmp list --xml --username '***' --password '***' 'https://scm.gforge.....'
OPTIONS of 'https://scm.gforge.....': Server certificate verification failed: issuer is not trusted
I don't know how to tell websvn to execute the svn command so that it accepts and stores the certificate. Does someone know how to do it?
UPDATE:
It works! In order to have something which is well organized I have updated the WebSVN config file to relocate the subversion config directory to /etc/subversion, which is the default path for Debian:
$config->setSvnConfigDir('/etc/subversion');
In /etc/subversion/servers I have created a group and associated the certificate to trust:
[groups]
my_repo = my.repo.url.to.trust
[global]
ssl-trust-default-ca = true
store-plaintext-passwords = no
[my_repo]
ssl-authority-files = /etc/apache2/ssl/my.repo.url.to.trust.crt
You have two possible methods available to resolve this.
Option 1:
su to the user websvn is running as and perform svn log https://your.secure.repo.com/repo/ against the target server. Subversion should then ask you to accept the certificate and you could choose to do so on a permanent basis. Then the cert will be okay to use.
Option 2:
Again, as the user the websvn process runs as, edit ~/.subversion/servers and add to the [global] section:
ssl-authority-files = /home/websvn/ssl/CAcert1.pem
If you're after something quick, then option 1 is the one to use; otherwise go for option 2.
Correction
As the poster pointed out in the command, svn is being called with the --config-dir option. This means that subversion will expect its configuration to be located in that directory, in this case /tmp. Thus copy the servers and config files from ~/.subversion/ to the /tmp directory and the subversion client will use those.
There is a third, simpler option. It is possible to configure websvn to trust all server certificates. In include/config.php add or uncomment the following line:
$config->setTrustServerCert();
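An added example, not part of the thread or of WebSVN: a small Python audit that resolves which ssl-* options a Subversion `servers` file applies to a given host (the [groups] mechanism used in the update) and reports whether a WebSVN config.php has `setTrustServerCert()` active, which turns off certificate verification for every repository. The sample inputs and the function names `effective_tls_settings` and `trusts_all_certs` are constructed for illustration.

```python
import configparser
import fnmatch
import re

# Constructed sample mirroring the servers file from the question's update.
SERVERS = """\
[groups]
my_repo = my.repo.url.to.trust
[global]
ssl-trust-default-ca = true
store-plaintext-passwords = no
[my_repo]
ssl-authority-files = /etc/apache2/ssl/my.repo.url.to.trust.crt
"""
# Constructed WebSVN config.php fragments: call commented out vs. active.
PHP_COMMENTED = "<?php\n// $config->setTrustServerCert();\n"
PHP_ACTIVE = "<?php\n$config->setSvnConfigDir('/etc/subversion');\n$config->setTrustServerCert();\n"


def effective_tls_settings(servers_text, host):
    """Resolve the ssl-* options that apply to host in a servers file.
    Options in the section named after the matching [groups] entry
    override [global]. Assumes at most one group matches the host."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep group names case-sensitive
    cp.read_string(servers_text)
    settings = dict(cp["global"]) if cp.has_section("global") else {}
    groups = cp["groups"] if cp.has_section("groups") else {}
    for group, patterns in groups.items():
        globs = [p.strip().lower() for p in patterns.split(",")]
        if any(fnmatch.fnmatchcase(host.lower(), g) for g in globs) and cp.has_section(group):
            settings.update(cp[group])
            break
    cas = settings.get("ssl-authority-files", "")
    return {
        "authority_files": [f.strip() for f in cas.split(";") if f.strip()],
        "trust_default_ca": settings.get("ssl-trust-default-ca"),
    }


def trusts_all_certs(config_php_text):
    """True if config.php has an uncommented $config->setTrustServerCert() call."""
    text = re.sub(r"/\*.*?\*/", "", config_php_text, flags=re.S)
    for line in text.splitlines():
        m = re.search(r"\$config->setTrustServerCert\s*\(", line)
        if m and not re.search(r"//|#", line[: m.start()]):
            return True
    return False
```

An empty `authority_files` list for the repository host means no per-host CA is pinned and the client relies on whatever [global] provides.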