On my Windows PC my primary tool for accessing subversion repositories is TortoiseSVN. A while ago I updated to TortoiseSVN 1.8.4. This version of TortoiseSVN is based upon Subversion 1.8. So I migrated all my working copies from SVN 1.7 to 1.8. So far, so good.
Unfortunately later I realized that SvnKit in NetBeans 7.4 is still based on Subversion 1.7 and no update to 1.8 is available by now. So SvnKit started telling me “sorry, SvnKit is too old to work together with your SVN working copy”. No problem, I thought. I switched to command line tools (CLI) as mentioned by SvnKit. All went good, except for repositories via HTTPS using SSL/TLS certificates signed by an internal root-CA and self-signed certificates respectively.
When I tired to access such a repository I got the following response (see figure 1, too):
svn: E230001: Unable to connect to a repository at URL 'https://svn.example.com/project/trunk' svn: E230001: Server SSL certificate verification failed: issuer is not trusted
Unluckily there was no way to accept the untrusted SSL certificate.
A research on the Internet brought up this bug report in NetBeans 7.4:
Unfortunately this bug is fixed in the development branch of NetBeans only which will become version 8.0. For the current release 7.4 there is no fix available or planned. So I played a bit with my configuration and was successful. I found a simple workaround!
Trusting the Untrusted
In NetBeans you will find a configuration file
in your user profile. This is the
servers configuration file which is known from Subversion’s client tool
svn. Simply edit this file and add a group for your untrusted certificate(s).
For example: If your servers belong to the domain
example.com and your corresponding root-CA’s certificate is stored in the file
C:\certificates\example-ca.crt, add the following lines:
[groups] example1 = *.example.com [example1] ssl-authority-files = c:/certificates/example-ca.crt
If you have a single server with a self-signed certificate only, add lines like the following. The server in this example is
svn.example.com and its certificate is stored in
[groups] svn1 = svn.example.com [svn1] ssl-authority-files = c:/certificates/svn.example.com.crt
Unfortunately editing this file is not enough. When I tried to access my repository after these changes. The connection worked but operations afterward failed again. I found out that NetBeans simply overwrote my changes in
servers with empty settings.
So I typed in my changes again and changed the file permissions of
servers by Windows’ file explorer to read-only. This is enough to prevent NetBeans from overwriting the file. After this little trick my problem was solved permanently. I hope it will survive future updates in NetBeans 7.4, too.