Computers Linux

Make SVN trust a new CA

I routinely use Subversion to host all my software projects. For a long time I just got used to permanently accept the certificate warning when checking out a certain project – even though what I really wanted was for SVN to trust my home-made root CA certificate. Finally, I have found time to learn how to make SVN trust my CA and here is how:

  1. Download the root CA certificate
  2. Check that the certificate is in PEM form by issuing “openssl x509 -text -in certificate.crt”. If the output doesn’t make sense, then try with “openssl x509 -text in certificate.crt -inform der”
  3. To convert a DER certificate to PEM, issue “openssl x509 -in certificate-der.crt -inform der -out certificate-pem.crt -outform pem”
  4. You may want to copy the CA certificate to /etc/ssl/certs – although it is not required
  5. Edit your ./subversion/servers file. Change or add the value ssl-authority-files in the [globals] section so that it includes the CA certificate (in PEM form). The ssl-authority-files value is colon separated.