I just updated the certificate on one of my sites due to the old one expiring. The new certificate verifies fine in Internet Explorer 9, Chrome, and Firefox 4 – but when trying to browse/check out the repository with TortoiseSVN, I get the following error:
Error validating server certificate for https://xxx.xxx.com:443:
Unknown certificate issuer.
Fingerprint: 96:b3:fa:19:bd:4a:ec:c2:bc:19:33:b8:25:2a:0a:47:28:41:07:d0
Distinguished name: (c) 2009 Entrust, Inc., www.entrust.net/rpa is incorporated by reference, Entrust, Inc., US
Do you want to proceed?
Accept permanently | Accept once | Reject
Clicking Accept permanently will work, but this is less than ideal. This problem seems to be related to TortoiseSVN and not the certificate, which checks out fine at http://sslinstallcheck.entrust.net/SIC/jsp/MainWebAddress.jsp and http://www.digicert.com/help/.
Any ideas on what could be wrong?
Best Answer
I would say that the cause of the error you list above is because the Entrust certificate is simply not listed in the SSL certificates that TortoiseSVN will trust.
It is possible to configure your Subversion client to ignore such warnings, but I don't think that is a very good idea. However, since you say that your Entrust certificate checks out fine, then you can configure your svn client to accept the Entrust cert.
First, obtain the PEM version of your Entrust certificate and save it locally.
Next, open up your TortoiseSVN settings dialog. Select Network from the tree on the left, and then locate and click the Edit button for Subversion server file.
Finally, edit the Global section to add the full path to the Entrust certificate in PEM form. A full explanation can be found here in the Subversion HTTPD guide.