文档章节

Server certificate verification failed: certificate issued for a different hostn

暗之幻影
 暗之幻影
发布于 2015/09/23 16:59
字数 800
阅读 25
收藏 0

> PROPFIND request failed on '/svn/Superscout'
> PROPFIND of '/svn/Superscout': Server certificate verification 
> failed: certificate issued for a different hostname, issuer is not 
> trusted (https://XX.XX.XX.XX)



First, here's how to fix the situation:

1. Open Terminal (in Utilities, in Applications)
2. Type some svn command against your repository, say "svn ls https://82.100.10.11​0/svn/Superscout 
"
3. You'll get a text prompt about the server's certificate, asking you 
what to do
4. Type "p" (and return), meaning "permanently accept this certificate 
anyway"

That answer will be saved away in a place that both the command line 
"svn" and also SCPlugin will reuse.

Now, the explanation, in case you're curious:

You're accessing Subversion through the HTTP protocol, the same one 
used by web browsers. This is probably the most common way to use SVN. 
HTTP servers can, and often do, use an encrypted connection, called 
"https". Subversion can do that, too, and that's what's going on here.

The encryption includes a "server certificate," a digital signature 
that proves that the server you're talking to really is the one you 
think it is. This is included because it is possible to arrange so 
that connections you think are going to one computer actually go to 
another. There's an attack called the "man in the middle," where some 
bad person sets things up this way, then forwards messages back and 
forth between you and the true server. Your web browser (or 
Subversion) sends and receives exactly the packets it expects to, but 
the "man in the middle" is reading everything. Unfortunately, there is 
no way to detect or prevent this from the stream of messages alone.

The server certificate protects you against this, because the server 
certificates are digitally signed by someone else. The idea is that 
there should be a few signatories that you trust to do this, and you 
can confirm that one of these signed a given server's certificate, and 
hence you trust that it's the one you want. This is the same as 
checking a person's driver's license: you trust the state to attest 
who the person is; you've seen driver's licenses before and can spot a 
phony (at least, if it's not too good a phony), and so having seen the 
license, you can trust that the person is who they claim to be.

This process isn't working for you. The messages actually say there 
are two problems:

- certificate issued for a different hostname
- issuer is not trusted

In the first problem: if I claim to be "Jack Repenning," and attempt 
to prove that by showing you a license for "Fred Smithers," you'd be 
more than a little suspicious, right? Same thing here. However, this 
is probably because you told Subversion to contact "https://82.100.10.110 
" -- that is, the server's "name" is 82.100.10.110. That's the host 
*address*, but typically the server's actual certificate is for their 
host *name*. If you try again, using "https:// 
server.superscout.co.uk" (or whatever the name actually is), this part 
will probably go away. But maybe not: when I try to look up that 
address in the global DNS name base, I don't get a reply. Probably 
that address is internal to your company network, and so conceivably 
you may not have DNS properly set up for it. Maybe that's why you used 
an address rather than a name. At any rate, the procedure above will 
reassure Subversion that this combination really is OK.

In the second problem: metaphorically, Subversion is saying "this 
looks like a driver's license, but it's from some country I've never 
heard of, how do I know whether it's a valid license from there?" 
Actually, there's a good chance that this certificate is signed by one 
of the standard authorities: there's a bug in OS X about the 
installation of this information, as a result of which Subversion (and 
SCPlugin) requires some extra configuration work in order to find the 
list of trusted authorities. If you're going to be connecting to a 
great many different servers, it might be worth your while to fix 
this. That can be done, but until Apple fixes the bug it also means 
you have to manually update it from time to time (about once a year), 
which would be tiresome.

The procedure above works once for all time, for this one address. If 
you only have to do it a few times, you're better off just doing it 
than fixing the authority list. But if you want to fix up the list, 
you can find the directions in the users@ list on scplugin. Or, just 
ask there again, and someone will restate them, or point you to them.




-==-
Jack Repenning
jackrepenning at tigris dot org
Project Owner
SCPlugin
http://scplugin.tigris.org
"Subversion for the rest of OS X"

本文转载自:http://depravedangel.iteye.com/blog/1452194

暗之幻影
粉丝 20
博文 377
码字总数 71245
作品 0
南京
高级程序员
私信 提问
Server certificate verification failed: certificat

PROPFIND request failed on '/svn/Superscout' > PROPFIND of '/svn/Superscout': Server certificate verification > failed: certificate issued for a different hostname, issuer is no......

暗之幻影
2015/11/12
140
0
http 使用curl发起https请求

http 使用curl发起https请求 今天一个同事反映,使用curl发起https请求的时候报错:“SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3......

JORDANSG
2012/07/13
1K
0
搭建bower私服(svn)

目录 1 文档概述 2 具体步骤 2.1 软件环境: 2.2 软件环境搭建教程 2.2.1 安装 SVN 客户端 2.2.2 安装 nodejs 客户端 2.2.3 npm 组件bower 的安装 2.2.4 SVN 服务器 2.3 安装前端包到本地工程...

阿祥_开源中国
2016/03/01
228
0
Server SSL certificate verification failed: certificate issued for a different hostname, issuer is

can you try to run once manually to your URL using command line and accept certificate. Or as @AndrewSpear says below Rather than checking out manually run from Terminal (Mac) /......

Michaelyn
2017/10/27
89
0
12.17 Nginx负载均衡 12.18 ssl原理 12.19 生成ssl密钥对 12.20 N

12.17 Nginx负载均衡 [root@martin001 ~]# yum install -y bind-utils [root@martin001 ~]# dig www.qq.com ANSWER SECTION: www.qq.com. 73 IN A 59.37.96.63 www.qq.com. 73 IN A 14.17.4......

martin20162018
2018/03/16
0
0

没有更多内容

加载失败,请刷新页面

加载更多

springboot2.0 maven打包分离lib,resources

springboot将工程打包成jar包后,会出现获取classpath下的文件出现测试环境正常而生产环境文件找不到的问题,这是因为 1、在调试过程中,文件是真实存在于磁盘的某个目录。此时通过获取文件路...

陈俊凯
今天
6
0
BootStrap

一、BootStrap 简洁、直观、强悍的前端开发框架,让web开发更加迅速、简单 中文镜像网站:http://www.bootcss.com 用于开发响应式布局、移动设备优先的WEB项目 1、使用boot 创建文件夹,在文...

wytao1995
今天
10
0
小知识:讲述Linux命令别名与资源文件的区别

别名 别名是命令的快捷方式。为那些需要经常执行,但需要很长时间输入的长命令创建快捷方式很有用。语法是: alias ppp='ping www.baidu.com' 它们并不总是用来缩短长命令。重要的是,你将它...

老孟的Linux私房菜
今天
8
0
《JAVA核心知识》学习笔记(6. Spring 原理)-5

它是一个全面的、企业应用开发一站式的解决方案,贯穿表现层、业务层、持久层。但是 Spring 仍然可以和其他的框架无缝整合。 6.1.1. Spring 特点 6.1.1.1. 轻量级 6.1.1.2. 控制反转 6.1.1....

Shingfi
今天
8
0
Excel导入数据库数据+Excel导入网页数据【实时追踪】

1.Excel导入数据库数据:数据选项卡------>导入数据 2.Excel导入网页数据【实时追踪】:

东方墨天
今天
11
1

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部