Differences between revisions 4 and 5
Revision 4 as of 2014-02-20 02:21:30
Size: 1880
Editor: KevinMcGrail
Comment:
Revision 5 as of 2014-02-20 02:25:00
Size: 1740
Editor: KevinMcGrail
Comment: adding the current cert for the docs
Deletions are marked like this. Additions are marked like this.
Line 13: Line 13:
 - Hostname: svn.apache.org
 - Valid: from Jan 26 14:18:55 2007 GMT until Jan 26 14:18:55 2009 GMT
 - Issuer: http://www.starfieldtech.com/repository, Starfield Technologies, Inc., Scottsdale, Arizona, US
 - Fingerprint: a7:a5:3f:1a:ae:bb:98:b2:f3:ec:91:1b:63:29:2d:e8:58:b6:53:28
 - Hostname: *.apache.org
 - Valid: from Fri, 07 Feb 2014 00:00:00 GMT until Thu, 07 Apr 2016 23:59:59 GMT
 - Issuer: Thawte, Inc., US
 - Fingerprint: dd:73:02:e6:4f:9e:fc:48:82:cc:61:68:f6:98:f0:aa:66:43:84:78
Line 36: Line 36:
 - Hostname: svn.apache.org
 - Valid: from Jan 26 14:18:55 2007 GMT until Jan 26 14:18:55 2009 GMT
 - Issuer: http://www.starfieldtech.com/repository, Starfield Technologies, Inc., Scottsdale, Arizona, US
 - Fingerprint: a7:a5:3f:1a:ae:bb:98:b2:f3:ec:91:1b:63:29:2d:e8:58:b6:53:28
 - Hostname: *.apache.org
 - Valid: from Fri, 07 Feb 2014 00:00:00 GMT until Thu, 07 Apr 2016 23:59:59 GMT
 - Issuer: Thawte, Inc., US
 - Fingerprint: dd:73:02:e6:4f:9e:fc:48:82:cc:61:68:f6:98:f0:aa:66:43:84:78

Dealing with SVN cert changes

Infrastructure may change the SSL certificate used for svn.apache.org. Since we use an "https" SVN external, this causes problems: all users of SVN will be presented with a warning like the following:

svn up

Fetching external item into 'rulesrc'
Error validating server certificate for 'https://svn.apache.org:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: *.apache.org
 - Valid: from Fri, 07 Feb 2014 00:00:00 GMT until Thu, 07 Apr 2016 23:59:59 GMT
 - Issuer: Thawte, Inc., US
 - Fingerprint: dd:73:02:e6:4f:9e:fc:48:82:cc:61:68:f6:98:f0:aa:66:43:84:78
(R)eject, accept (t)emporarily or accept (p)ermanently? p
External at revision 513302.

At revision 513302.

This includes various automated scripts. Here's how to update their certs to fix this problem.

Log into spamassassin.zones.apache.org, and issue:

sudo su - release
[type password]
svn info https://svn.apache.org/repos/asf/spamassassin/trunk
Error validating server certificate for 'https://svn.apache.org:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: *.apache.org
 - Valid: from Fri, 07 Feb 2014 00:00:00 GMT until Thu, 07 Apr 2016 23:59:59 GMT
 - Issuer: Thawte, Inc., US
 - Fingerprint: dd:73:02:e6:4f:9e:fc:48:82:cc:61:68:f6:98:f0:aa:66:43:84:78
(R)eject, accept (t)emporarily or accept (p)ermanently? p
External at revision 513302.

At revision 513302.

exit

repeat the above for the automc, updatesd, bbmass and buildbot accounts.

SvnCertUpdate (last edited 2014-02-20 02:25:00 by KevinMcGrail)