Apache SSL config was almost default (yum install mod_ssl), just changing certificate public and private keys, and CAS files.
If you logg in with a browser it worked fine, but with TortoiseSVN you got this error:
svn: E175002: Unable to connect to a repository at URL 'https://myServer/svn-exp/dart/conf'
svn: E175002: OPTIONS of 'https://myServer/svn-exp/dart/conf': SSL handshake failed: SSL error: certificate verify failed (https://myServer)
Thins I checked:
- Certificate Common Name (CN) matches URL domain
- URL domain matches the ServerName of virtual host
- The ServerName of virtual host matches de machine´s host name (hostname -f)
- Server public certificate is a trusted certificate in the svn client´s machine
- In a desperate movement, I even added the certificate to cacerts of JRE
Result: failed
Finally, a partner (by this time I was in a deep hole of resignation) found a workarround:
- Go to %APPDATA%\Subversion
- Edit servers file.
- Manually, set the value of ssl-authority-files key in order it points de server certificate CA
[global] # http-proxy-exceptions = *.exception.com, www.internal-site.org # http-proxy-host = defaultproxy.whatever.com # http-proxy-port = 7000 # http-proxy-username = defaultusername # http-proxy-password = defaultpassword # http-compression = no # http-auth-types = basic;digest;negotiate # No http-timeout, so just use the builtin default. # No neon-debug-mask, so neon debugging is disabled. ssl-authority-files = /path/to/CAcert.pem;/path/to/CAcert2.pem # # Password / passphrase caching parameters: # store-passwords = no # store-plaintext-passwords = no # store-ssl-client-cert-pp = no # store-ssl-client-cert-pp-plaintext = no