74

I am getting the error below when running a target of an Ant script. The error message says that "server certificate verification failed". Please help me remove this problem. I am working on Windows XP.

```
C:\apache-ant-1.8.1>ant checkout
Buildfile: C:\Program Files\Java\apache-ant-1.8.1\build.xml

checkout:
[svn] Using command line interface
Svn : Checking out a working copy from a repository :
co -r HEAD https://col.../trunk C:\ant-1.8.1\Test_Checkout 
--username 69 --password *******--non-interactive
svn: PROPFIND request failed on '/svn/asia-pac-financials/trunk'
svn: PROPFIND of '/sv.../trunk': 
Server certificate verification failed: 
issuer is not trusted (https://col....com)

BUILD FAILED
C:\apache-ant-1.8.1\build.xml:16: Can't checkout

Total time: 3 seconds
```
Shaun

10 Answers

156

Can you try to run svn checkout once manually to your URL https://yoururl/trunk C:\ant-1.8.1\Test_Checkout using the command line and accept the certificate?

Or as @AndrewSpear says below

Rather than checking out manually run svn list https://your.repository.url from Terminal (Mac) / Command Line (Win) to get the option to accept the certificate permanently

svn will ask you for confirmation. Accept it permanently.

After that, this should work for subsequent requests from the Ant script.

JoseK
  • I also added an example script for PHP here: http://www.php.net/manual/en/function.svn-auth-set-parameter.php#104300 for the same problem. – powtac Aug 15 '11 at 09:59
  • 30
    Rather than checking out manually I just run `svn list https://your.repository.url` from Terminal (Mac) / Command Line (Win) to get the option to accept the certificate permanently. – Andrew Jul 06 '12 at 02:36
  • 1
    On OS X I needed to use sudo with the svn list command, otherwise selecting (p)ermanent didn't seem to work. – locke Jul 07 '14 at 02:39
  • I replaced **svn**://repos.server.url with **https**://repos.server.url, only then I got asked to accept the SSL certificate. – Stefan Oct 29 '14 at 12:59
56

Run "svn help commit" to see all available options. You will see that there is one option responsible for accepting server certificates:

--trust-server-cert : accept unknown SSL server certificates without prompting (but only with --non-interactive)

Add it to your svn command arguments and you will not need to run svn manually to accept it permanently.

Appulus
andrey.tsykunov
  • 4
    This is the best solution for automated scripts, which won't normally have the luxury of the steps outlined in the accepted answer. It should be noted though that blindly accepting SSL certs basically defeats the entire purpose of SSL, and thus can open you up to MitM attacks. – ken Jan 24 '12 at 19:29
  • How can I add this option, if I use maven scm plugin? – Kayser Sep 13 '12 at 17:27
  • 30
    This doesn't work if the server sends you a certificate with a hostname value which differs from the actual server hostname – Andrey Sboev Nov 25 '12 at 12:04
  • 1
    I have the same problem as Andrey: The validation still fails if the name doesn't match. – Tim Büthe Jan 09 '14 at 14:42
  • 1
    Updated my certs this evening on our SVN server and got this. The cert is trusted per the browser. Why is the SVN client freaking out all of a sudden? Used your trick to solve my issue. – TechFanDan Dec 22 '16 at 03:07
  • 10
    --trust-server-cert is deprecated now, and doesn't work as it used to. The equivalent parameter is `--trust-server-cert-failures=unknown-ca,cn-mismatch,expired,not-yet-valid,other`. See http://svnbook.red-bean.com/en/1.7/svn.ref.svn.c.commit.html – cedd May 16 '19 at 16:03
  • 1
    @cedd comment worked for me although I can't find any official documentation about it. I did find https://github.com/MicrosoftDocs/vsts-docs/issues/3681 but that's not from Subversion. – Gary Brunton Dec 12 '19 at 18:27
15

I wouldn't use:

svn checkout

just to authorize the server authentication; I'd rather use:

svn list https://your.repository.url

which will ask you to do the authentication as well.

If this is needed to get authorization for a user that can't log in, run:

sudo -u username svn list https://your.repository.url
Kuf
3

If you are using svn with Jenkins on a Windows Server, you must accept the https certificate using the same Windows user that the Jenkins service runs as.
So, if your Jenkins service runs as "MYSERVER\Administrator", you must use this command before all others, only one time of course:

runas /user:MYSERVER\Administrator "svn --username user --password password list https://myserver/svn/REPO "

svn asks you to accept the certificate and stores it in the right path.

After this you'll be able to use svn in a Jenkins job directly in a Windows batch command step.

Massimo Borgogno
  • If you're running as the default Windows NT service user (Local System Account i.e. "nt authority\system"), then you'll need to use psexec to open a cmd.exe as this Windows user and run an interactive svn.exe command like "svn --username yourSvnUser list yourSvnUrl" so that you can accept the SVN server's SSL certificate. Afterwards, you can run "svn auth" to check the stored credentials cache. See https://stackoverflow.com/questions/77528/how-do-you-run-cmd-exe-under-the-local-system-account/78691#78691 – buzz3791 Apr 19 '21 at 20:19
2

As noted in this comment (which of course I missed when trying to solve this issue) the command line options to ignore certificate verification issues have changed in Subversion 1.9 and you should now use --trust-server-cert-failures.

Example:

--non-interactive --trust-server-cert-failures unknown-ca,cn-mismatch,expired,not-yet-valid,other

Here is the relevant inline help from svn 1.13:

--trust-server-cert : deprecated; same as --trust-server-cert-failures=unknown-ca

--trust-server-cert-failures ARG : with --non-interactive, accept SSL server certificates with failures; ARG is comma-separated list of 'unknown-ca' (Unknown Authority), 'cn-mismatch' (Hostname mismatch), 'expired' (Expired certificate), 'not-yet-valid' (Not yet valid certificate) and 'other' (all other not separately classified certificate errors).

Arnaud
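A check a build-server owner could run over CI scripts to see which certificate failures each svn call waives, using the failure names from the inline help quoted above. This is an added example, not part of the answer or of Subversion; the severity labels and the sample command lines are assumptions constructed for illustration.

```python
import re

# Failure classes listed in the svn inline help quoted above.
KNOWN = {"unknown-ca", "cn-mismatch", "expired", "not-yet-valid", "other"}
# Beyond unknown-ca, the host name and validity period are no longer checked.
HIGH_RISK = KNOWN - {"unknown-ca"}

def waived_failures(command):
    """Return the set of certificate failures one svn command line accepts."""
    tokens = command.split()
    waived = set()
    for i, tok in enumerate(tokens):
        if tok == "--trust-server-cert":
            waived.add("unknown-ca")  # deprecated alias, per the help text
        elif tok.startswith("--trust-server-cert-failures"):
            _, eq, value = tok.partition("=")
            if not eq and i + 1 < len(tokens):
                value = tokens[i + 1]  # "FLAG ARG" form instead of "FLAG=ARG"
            waived.update(v.strip("\"'") for v in value.split(",") if v)
    return waived

def audit(lines):
    """Return (line number, waived failures, severity) per relaxed svn call."""
    findings = []
    for no, line in enumerate(lines, 1):
        if not re.search(r"\bsvn(\.exe)?\b", line):
            continue
        waived = waived_failures(line)
        if not waived:
            continue
        unknown = waived - KNOWN  # unrecognised names are flagged as well
        severity = "high" if waived & HIGH_RISK or unknown else "medium"
        findings.append((no, sorted(waived), severity))
    return findings

# Constructed sample lines (hypothetical host and paths).
SAMPLE = [
    "svn co https://svn.example.invalid/repo/trunk wc --non-interactive",
    "svn co https://svn.example.invalid/repo/trunk wc --non-interactive --trust-server-cert",
    "svn list --non-interactive --trust-server-cert-failures=unknown-ca,cn-mismatch,expired https://svn.example.invalid/repo",
    "svn.exe update --non-interactive --trust-server-cert-failures unknown-ca,cn-mismatch,expired,not-yet-valid,other",
    "echo build finished",
]

if __name__ == "__main__":
    for no, waived, severity in audit(SAMPLE):
        print(f"line {no}: {severity}: waives {', '.join(waived)}")
```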
1

Just install the server certificate in the client's trusted root certificates container (if the certificate is expired it may not work). For further details see this post on a similar question.

https://stackoverflow.com/a/21238125/3215589

Community
Mark
0

The other answers don't work for me. I'm trying to get the command line working in Jenkins. All you need are the following command line arguments:

--non-interactive

--trust-server-cert

Jawa
lanierhall
0

From cmd run: SVN List URL. You will be provided with 3 options: (r)eject, (a)ccept, (p)ermanently. Enter p. This resolved the issue for me.

moglimcgrath
-1
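```csharp
using System.Diagnostics;

// Runs "svn log" for one revision and returns stdout followed by stderr.
// The method wrapper and the parameter types are assumed; the original is a fragment.
static string SvnLog(string servidor, string numeroRevisao)
{
    // /c lets cmd.exe exit once svn finishes; with /k the shell stays open and ReadToEnd() blocks.
    string cmdArguments = $@"/c svn log --trust-server-cert --non-interactive ""{servidor}"" --username alex --password alex -r {numeroRevisao}";
    ProcessStartInfo cmd = new ProcessStartInfo("cmd.exe", cmdArguments);

    cmd.CreateNoWindow = true;
    cmd.RedirectStandardOutput = true;
    cmd.RedirectStandardError = true;
    cmd.WindowStyle = ProcessWindowStyle.Hidden;
    cmd.UseShellExecute = false; // required for stream redirection

    using (Process reg = Process.Start(cmd))
    {
        // Drain stderr in the background so a full stderr pipe cannot stall the stdout read.
        var stderr = reg.StandardError.ReadToEndAsync();
        string output = reg.StandardOutput.ReadToEnd();
        output += stderr.Result;
        reg.WaitForExit();
        return output;
    }
}
```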
Thomas Sauvajon
  • 2
    Can you explain how your code solves his problem? Also, you might want to improve the layout (white-spacing) a bit. – Volker Stolz Nov 13 '12 at 11:06
-1

during command line works. I'm using Ant to commit an artifact after build completes. Experienced the same issue... Manually accepting the cert did not work (Jenkins is funny that way). Add these options to your svn command:

--non-interactive

--trust-server-cert