# SubversionOverHttps

You need to configure subversion client to use UABgrid CA certificate and your user certificate to access repository. Following are steps to download certificates and configure subversion client.

## Contents

• Request UABgrid certificate from Certificate Management Menu. After completing certificate request you will be prompted to download the certificate, but ignore this prompt as you will need the certificate in different format to use with SVN client.
• Now go back to Certificate Management Menu and click on download link for 'Cert+Key PKCS12' file format. The download link will prompt you for a passphrase to protect your private key. For security reasons, you should use a a strong passphrase to protect private key in this file. Please remember this passphrase as you will need to enter it for interacting with SVN repository.
• Save this PKCS12 file in a safe location (home directory) on your system. This certificate is referred as usercert.pfx in rest of this documentation.

• Visit UABgrid CA page to download UABgrid root CA certificate. Right-click on 'FireFox, Konqueror, and similar browsers (PEM format)' link and select 'Save as..' option to save certificate on your system. This certificate is referred as cacert.pem.

## Configure SVN client to use certificates

### Edit SVN servers file

• Now you will need to configure Subversion client to use certificates for repository access. Edit 'C:\Documents and Settings\<Username>\Application Data\Subversion' file on Windows XP and edit '~/.subversion/servers' file on Linux. We will be adding a group for uabgrid repositories with usercert.pfx to establish user identify and also trust UABgrid CA by adding cacert.pem in this file.

### In the 'groups' section, the URL of the repository you're
### trying to access is matched against the patterns on the right.
### If a match is found, the server options are taken from the
### section with the corresponding name on the left.

[groups]
uabgrid = *.uabgrid.uab.edu
# othergroup = repository.blarggitywhoomph.com
# thirdgroup = *.example.com

[uabgrid]
ssl-client-cert-file = /path/to/certificate/usercert.pfx


• Add cacert.pem entry to 'global' section. This is typically last section in the file:

[global]
ssl-authority-files = /path/to/certificate/cacert.pem

• Additionally you may have following configuration parameters available depending on your Subversion client. This includes whether you want to store your passphrase. You may want disable storing your passphrase. Here is a link to SSL certificate management topic in SVN book.
# Password / passphrase caching parameters:
# store-ssl-client-cert-pp = no
# store-ssl-client-cert-pp-plaintext = no