By default, Subversion Edge has self-signed certificate
Subversion Edge out of the box comes with the Apache Subversion Server https configuration, simply by selecting the check box "Apache Encryption" for "Subversion Server should serve via https." from CSVN Console Administration tab, installs an initial self-signed certificate provided with Subversion Edge.
Procedures to use own SSL certificate
# Backup existing "server.key", "server.crt" and "svnedge.jks"
By default, those files are located as below:/opt/csvn/data/conf/server.key
/opt/csvn/data/conf/server.crt
/opt/csvn/appserver/etc/svnedge.jks
# Make sure openssl and openssl-devel RPMs installed
# Generate a private key
[root@linux64-svn-server ~]# cd
/opt/csvn/data/conf
[root@linux64-svn-server conf]#
openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
...............++++++
................++++++
e is 65537 (0x10001)
# Generate a CSR (Certificate Signing Request)
[root@linux64-svn-server conf]#
openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that
will be incorporated
into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some
blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:<my_country>
State or Province Name (full name)
[Berkshire]:<my_state>
Locality Name (eg, city) [Newbury]:<my_city>
Organization Name (eg, company) [My Company
Ltd]:<my_org>
Organizational Unit Name (eg, section) []:<my_unit>
Common Name (eg, your name or your server's hostname)
[]:linux64-svn-server.domain.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# check server.csr
[root@linux64-svn-server conf]#
openssl req -noout -text -in server.csr
# Remove Passphrase from key
[root@linux64-svn-server conf]# cp
server.key server.key.org
[root@linux64-svn-server conf]#
openssl rsa -in server.key.org -out server.key
writing RSA key
# Generate a Self-Signed Certificate
# [root@linux64-svn-server conf]# openssl x509 -req -days 365 -in server.csr -signkey
server.key -out server.crt
Or
# Submit server.csr to a certificate authority
Submit the generated server.csr to a Certificate Authority (for example, MY-ENTCASERVER) with “Web Server” Certificate template and download certificate in Base64 format, save it as
server.crt.
# Check server.crt
[root@linux64-svn-server conf]#
openssl x509 -in server.crt -text -noout
# Convert the Apache certificate into PKCS#12 format
[root@linux64-svn-server conf]#
openssl pkcs12 -export -in /opt/csvn/data/conf/server.crt -inkey
/opt/csvn/data/conf/server.key -name svnedge –out /opt/csvn/data/conf/server.p12
Enter Export Password:
Verifying - Enter Export Password:
# Check server.p12
[root@linux64-svn-server conf]#
openssl pkcs12 -info -in server.p12
# Create the java keystore to store the certificate
[root@linux64-svn-server conf]# $JAVA_HOME/bin/keytool -importkeystore -srckeystore
/opt/csvn/data/conf/server.p12 -srcstoretype PKCS12 -destkeystore
/opt/csvn/data/conf/svnedge.jks
Enter destination keystore password:
Enter source keystore password:
Entry for alias svnedge successfully imported.
Import command completed: 1 entries successfully
imported, 0 entries failed or cancelled
# Copy java keystore int INSTALL)DIR/appserver/etc
[root@linux64-svn-server conf]# cp
/opt/csvn/data/conf/svnedge.jks /opt/csvn/appserver/etc/
# Restart csvn console
[root@linux64-svn-server conf]#
service csvn restart
# Subversion Edge own SSL Certificate
get own SSL certificate from https://linux64-svn-server.domain.com:4434/csvn as below
No comments:
Post a Comment