SubversionOverHttps

From UABgrid Documentation
Revision as of 12:18, 20 May 2010 by Pavgi@uab.edu (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

You need to configure subversion client to use UABgrid CA certificate and your user certificate to access repository. Following are steps to download certificates and configure subversion client.

Contents

Download certificates

Download user certificate

  • Log in to UABgrid Certificate Authority
  • Request UABgrid certificate from Certificate Management Menu.
  • Download certificate in 'Cert+Key PKCS12' format and save it in safe location (home directory) on your system. This certificate is referred as usercert.pfx in rest of this documentation.

Download UABgrid CA certificate

  • Visit UABgrid CA page to download UABgrid root CA certificate. Right-click on 'FireFox, Konqueror, and similar browsers (PEM format)' link and select 'Save as..' option to save certificate on your system. This certificate is referred as cacert.pem.

Configure SVN client to use certificates

Edit SVN servers file

  • Now you will need to configure Subversion client to use certificates for repository access. Edit 'C:\Documents and Settings\Administrator\Application Data\Subversion' file on Windows XP and edit '~/.subversion/servers' file on Linux. We will be adding a group for uabgrid repositories with usercert.pfx to establish user identify and also trust UABgrid CA by adding cacert.pem in this file.
  • Add usercert.pfx entry:
 
### In the 'groups' section, the URL of the repository you're
### trying to access is matched against the patterns on the right.
### If a match is found, the server options are taken from the
### section with the corresponding name on the left.

[groups]
uabgrid = *.uabgrid.uab.edu 
# othergroup = repository.blarggitywhoomph.com
# thirdgroup = *.example.com

[uabgrid]
ssl-client-cert-file = /path/to/certificate/usercert.pfx 

  • Add cacert.pem entry to 'global' section. This is typically last section in the file:
 
[global] 
ssl-authority-files = /path/to/certificate/cacert.pem 
  • Additionally you may have following configuration parameters available depending on your Subversion client. This includes whether you want to store your passphrase. You may want disable storing your passphrase. Here is a link to SSL certificate management topic in SVN book.
# Password / passphrase caching parameters:
# store-passwords = no
# store-plaintext-passwords = no
# store-ssl-client-cert-pp = no
# store-ssl-client-cert-pp-plaintext = no


Test your setup

  • Test your setup by listing remote repository contents.
 
svn list https://repository-url> 
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox