[Discuss] server certificates for the https protocol

John Blomfield jabfield at shaw.ca
Mon Jan 28 14:17:24 PST 2008 

Alan W. Irwin wrote:
> On 2008-01-27 12:56-0800 Alan W. Irwin wrote:
>
>> Could somebody give me a brief description of what server 
>> certificates are
>> and the practical steps I should take to deal with invalid ones?
>>
>> For example, I am currently getting the following message from an svn 
>> commit
>> to SF
>>
>> software at raven> svn commit .
>> Error validating server certificate for 
>> 'https://lasi.svn.sourceforge.net:443':
>> - The certificate is not issued by a trusted authority. Use the
>>   fingerprint to validate the certificate manually!
>> Certificate information:
>> - Hostname: *.svn.sourceforge.net
>> - Valid: from Tue, 09 Oct 2007 14:15:07 GMT until Mon, 08 Dec 2008 
>> 15:15:07 GMT
>> - Issuer: Equifax Secure Certificate Authority, Equifax, US
>> - Fingerprint: 
>> fb:75:6c:40:58:ae:21:8c:63:dd:1b:7b:6a:7d:bb:8c:74:36:e7:8a
>> (R)eject, accept (t)emporarily or accept (p)ermanently?
>>
>> Is this the fault of SourceForge or Equifax or is there a real security
>> concern here?
>>
>> How do I "validate the certificate manually".
>
> ping...
>
> Is there anybody on this list with some working knowledge of https server
> certificates they would be willing to share?
>
Sorry, can't claim any working knowledge of dealing with https server 
certificates directly but can offer the following comments that may 
point you in the right direction. My first observation is that you are 
trying to svn commit, and to do this to a sourceforge server, you 
probably have to be approved by the project group that you are working 
on??  You can normally 'checkout' or 'update' anonymously but permission 
is required to 'commit'.  I assume you have this permission?

My second observation is that I think the 'Fingerprint' is the public 
key used to encrypt the data that you upload to the server, probably 
used to encrypt your own private key, in turn used to verify your 
approved existence.  If you google on 'svn secure certificate' you will 
turn up other people with the same problem but I haven't followed the 
links to get to an answer!  They seem to be using a series of commands 
to, accept, or reject, temporarily, etc!

John Blomfield


> Alan
> __________________________
> Alan W. Irwin
>
> Astronomical research affiliation with Department of Physics and 
> Astronomy,
> University of Victoria (astrowww.phys.uvic.ca).
>
> Programming affiliations with the FreeEOS equation-of-state 
> implementation
> for stellar interiors (freeeos.sf.net); PLplot scientific plotting 
> software
> package (plplot.org); the libLASi project (unifont.org/lasi); the 
> Loads of
> Linux Links project (loll.sf.net); and the Linux Brochure Project
> (lbproject.sf.net).
> __________________________
>
> Linux-powered Science
> __________________________
> _______________________________________________
> Discuss mailing list
> Discuss at vlug.org
> http://ladybug.vlug.org/cgi-bin/mailman/listinfo/discuss
>

More information about the Discuss mailing list