Page MenuHomePhabricator

Unable to connect to SVN repo with invalid SSL cert
Closed, WontfixPublic

Event Timeline

zzh assigned this task to chad.
zzh raised the priority of this task from to Needs Triage.
zzh updated the task description. (Show Details)
zzh added a subscriber: zzh.
chad removed chad as the assignee of this task.Mar 6 2015, 3:21 AM

Server SSL certificate verification failed: certificate issued for a different hostname, issuer is not trusted
Im pretty sure that is the issue, either connect over an unsecured connection, generate a valid certificate for the hostname, or have your phabricator host ignore invalid ssl certs

how to set phabricator host ignore invalid ssl certs?

Mnkras renamed this task from Diffusion > Repository, SVN file cat has a problem to Unable to connect to SVN repo with invalid SSL cert.Mar 6 2015, 3:30 PM

I have add the ssl certs like "https://192.168.205.170/rZZH34382", but also have the same problem:

And the Subversion server is install over other machine, I'm not the administrator

In T7471#100638, @zzh wrote:

And the Subversion server is install over other machine, I'm not the administrator

Hi, meet the same error and situation as yours. Have you found any solution?

I installed phabricator using the shell script ( http://www.phabricator.com/rsrc/install/install_rhel-derivs.sh ) and meet the same error. When I run the svn command like

svn --non-interactive --no-auth-cache --trust-server-cert --username 'xxxxx' --password 'xxxxx' cat 'https://ip/svn/pro/common/rules/service/RulesService.java@5373'

The command returned the right content.

How should I fix the problem?

Login as webuser , run svn checkout command and accept the certificate permanently .

like this:
#cd /tmp
#su wwwrun -s /bin/sh
#svn co https://ip/svn/pro/xxxxxx
... select permanently ...
#exit

Refresh phabricator's web page.

Login as webuser , run svn checkout command and accept the certificate permanently .

like this:
#cd /tmp
#su wwwrun -s /bin/sh
#svn co https://ip/svn/pro/xxxxxx
... select permanently ...
#exit

Refresh phabricator's web page.

Thanks a lot, I fixed the problem as what you had said,

Login as webuser , run svn checkout command and accept the certificate permanently .

like this:
#cd /tmp
#su wwwrun -s /bin/sh
#svn co https://ip/svn/pro/xxxxxx
... select permanently ...
#exit

Refresh phabricator's web page.

Hi, how can I check what's the "webuser" of mine?

I've tried many methods, but only this work.
Set your host (displays in your certificate) in /etc/host such as

192.168.1.100 certicaficate_hostname

Login as webuser , run svn checkout command and accept the certificate permanently .

like this:
#cd /tmp
#su wwwrun -s /bin/sh
#svn co https://ip/svn/pro/xxxxxx
... select permanently ...
#exit

Refresh phabricator's web page.

Hi, how can I check what's the "webuser" of mine?

You can find it in webserver's configfile.

Aapche2:

#/> /usr/sbin/httpd2   -t -D DUMP_RUN_CFG 2> /dev/null  | grep User
User: name="wwwrun" id=30 not_used

nginx:

#/> grep -E "^user" /etc/nginx/nginx.conf
user  www-user;

lighttpd:

#/> grep -E ^server.username  /etc/lighttpd/lighttpd.conf
server.username  = "lighttpd"

Or try ps aux | grep <YOUR WEBSERVER PROCESS NAME> .
The user name will be shown at the 1rst column.

Webserver process name list:

  • Apache2 : httpd2
  • thttpd : thttpd
  • nginx : nginx

On my box:

#> ps aux | grep httpd
wwwrun    1195  0.0  0.2 280516 48176 ?        S    03:37   0:07 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -DFOREGROUND -k start
wwwrun    1991  0.0  0.0 244952 11800 ?        S    18:55   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -DFOREGROUND -k start
wwwrun    2080  0.0  0.2 277028 43664 ?        S    18:55   0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -DFOREGROUND -k start
root      3174  0.0  0.1 243660 20900 ?        Ss   May29   0:36 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D SYSTEMD -DFOREGROUND -k start

PS:
If you have root privilege, aelam's method worths a shot 。 :)

epriestley claimed this task.
epriestley added a subscriber: epriestley.

Get a valid certificate or configure your system to trust your self-signed certificate. This is not a problem with Phabricator and I do not plan to support insecure SSL configurations in the upstream.

Any idea of how to do this on CentOs?

"configure your system to trust your self-signed certificate"