Feature #38
Root certificate on self-managed systems
0%
Description
The DFN root certificates for server certificates (including scm.in.tu-clausthal.de) are not installed on computer systems by default.
Consequently, browsers will complain about possibly insecure connections, and GIT refuses to clone repositories (unless one deactivates SSL verification).
My current workaround for the first mentioned issue is:
- Get the certificates ("TU Clausthal CA Zertifikat SHA-1" and "DFN-PCA-Zertifikat SHA-1") from https://pki.pca.dfn.de/tu-clausthal-ca/cgi-bin/pub/pki?cmd=getStaticPage;name=index;id=2&RA_ID=0
- Import them into the Web browser in order to stop "possibly insecure page" warning when loading https://scm.in.tu-clausthal.de
My current workaround for the second mentioned issue is:
- Follow aforementioned steps
- Browse to https://scm.in.tu-clausthal.de and use the browser's "view certificate" function to export the certificate chain as base64-encoded PEM format
- Save this certificate chain to a suitable location (such as /Users/dummy/.svn.in.tu-clausthal.de.pem)
- Execute the following command to add the certificates to git as well (instead of only the browser): git config --global http.sslCAInfo /Users/dummy/.svn.in.tu-clausthal.de.pem
Providing the attached cert.pem file (concatenation of all certificates required to securely access scm.in.tu-clausthal.de) on the front page of this Redmine server could mitigate this issue at least to the extent that only the last two steps need to be taken.
Files
No data to display