Red Gate forums :: View topic - SQL Source Control received an invalid HTTPS certificate
Return to www.red-gate.com RSS Feed Available

Search  | Usergroups |  Profile |  Messages |  Log in  Register 
Go to product documentation
SQL Source Control EAP
SQL Source Control EAP forum

SQL Source Control received an invalid HTTPS certificate

Search in SQL Source Control EAP forum
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.
Jump to:  
Author Message
jbernardini



Joined: 03 Mar 2008
Posts: 5

PostPosted: Thu May 06, 2010 11:17 pm    Post subject: SQL Source Control received an invalid HTTPS certificate Reply with quote

My svn server uses SSL signed by an internal CA. If you browse svn via a browser you don't get any messages. However, when I try to link a database to a repository on this svn server I receive the following:

SQL Source Control received an invalid HTTPS certificate while connecting to your source control system.

It was invalid in the following ways:
- It was not issued by someone that you trust, or it has been revoked

This could mean that a hacker is impersonating your source control system. If you were expecting this error to occur, or if your system administrator tells you that is is safe to do so, then press OK. Otherwise please press Cancel.
Back to top
View user's profile Send private message
DavidSimner



Joined: 04 Feb 2010
Posts: 49

PostPosted: Fri May 07, 2010 7:01 pm    Post subject: Reply with quote

The error message from SQL Source Control means that it does not trust the SSL certificate that your Subversion server uses. Given the circumstances you describe ("signed by an internal CA") I would guess that this is because SQL Source Control doesn't know that your internal CA should be trusted.

Can I ask what web browser it works fine in?

SQL Source Control should trust all the SSL certificates that Internet Explorer trusts, so if the answer is Internet Explorer, then this is an unknown bug, and I'd very much like to work with you to understand and fix what is causing it to go wrong.

If the answer is not Internet Explorer (e.g. Firefox, Chrome, Safari, etc), then unfortunately at this time, SQL Source Control does not trust all the SSL certificates that they trust, and so I would expect the behaviour that you observed to occur. As a workaround, until we've fixed this, you can either: (1) click the OK button, or (2) configure Internet Explorer to trust your internal CA's SSL certificate.

Looking forward to hearing from you,

David
Back to top
View user's profile Send private message
jbernardini



Joined: 03 Mar 2008
Posts: 5

PostPosted: Tue May 11, 2010 12:17 am    Post subject: Reply with quote

Hi David, it shows trusted in IE and Firefox. Since Firefox is excluded for now and it should be trusted, since IE trusts the site and you can validate the Certificate Path I'm very interested in working with you. I'm hesitant to click the OK button for fear of never being able to reproduce it.
Just let me know how you'd like to tackle this.
Back to top
View user's profile Send private message
DavidSimner



Joined: 04 Feb 2010
Posts: 49

PostPosted: Tue May 11, 2010 6:06 pm    Post subject: Reply with quote

So the thing that would be easiest for me is if I could reproduce your problem here. Would you be able to send me a copy of all of the HTTPS certificates in the chain? This will enable me to create a very similar certificate chain here, and easily debug the issue.

The following instructions will let you save the HTTPS certificate chain from Firefox 3.6.3, but hopefully they should be fairly similar for other versions:

1. Connect to the relevant server, e.g. by putting https://server/ in the address bar, and pressing enter.
2. After the page has loaded, right-click somewhere on the page.
3. Left-click the View Page Info menu item.
4. Left-click the Security tab.
5. Left-click the View Certificate button.
6. Left-click the Details tab.
7. For each one of the certificates in the Certificate Hierarchy, left-click on it to select it, and then click the Export button; the default file name should be fine, so just click the Save button.

You should now have several files, one for each one of the certificates in the Certificate Hierarchy.

If you could email me all of the files, david.simner@red-gate.com, that would be awesome :)
Back to top
View user's profile Send private message
jbernardini



Joined: 03 Mar 2008
Posts: 5

PostPosted: Tue May 11, 2010 8:22 pm    Post subject: Reply with quote

I have sent you an email with the requested items attached. Please let me know if you don't receive it.
Back to top
View user's profile Send private message
jbernardini



Joined: 03 Mar 2008
Posts: 5

PostPosted: Tue May 18, 2010 10:49 pm    Post subject: Reply with quote

I resolved this issue by adjusting a file installed with SQL Source Control. I exported our CA certificate from the Certificate manager in pem format and saved it to my c drive. I then modified the file, %APPDATA%\Subversion\servers, adjusting parameter: ssl-authority-files to read: ssl-authority-files = c:\ca.pem
Back to top
View user's profile Send private message
Display posts from previous:   
This topic is locked: you cannot edit posts or make replies. All times are GMT + 1 Hour
Page 1 of 1

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group