Server certificate verification failed: issuer is not trusted
Solution 1
can you try to run svn checkout once manually to your URL https://yoururl/trunk C:\ant-1.8.1\Test_Checkout using command line
and accept certificate.
Or as @AndrewSpear says below
Rather than checking out manually run svn list https://your.repository.url from Terminal (Mac) / Command Line (Win) to get the option to accept the certificate permanently
svn will ask you for confirmation. accept it permanently.
After that this should work for subsequent requests from ant script.
Solution 2
Run "svn help commit" to all available options. You will see that there is one option responsible for accepting server certificates:
--trust-server-cert : accept unknown SSL server certificates without
prompting (but only with --non-interactive)
Add it to your svn command arguments and you will not need to run svn manually to accept it permanently.
Solution 3
I wouldn't use:
svn checkout
just to authorizes the server authentication, I rather use:
svn list https://your.repository.url
which will ask you to do the authentication as well.
If this is needed to get authorization to a user that can't login, run:
sudo -u username svn list https://your.repository.url
Solution 4
If you are using svn with Jenkins on a Windows Server, you must accept https certificate using the same Jenkins's Windows service user.
So , if your Jenkins service runs as "MYSERVER\Administrator", you must use this command before all others, only one time of course :
runas /user:MYSERVER\Administrator "svn --username user --password password list https://myserver/svn/REPO "
svn asks you to accept the certificate and stores it in the right path.
After this you'll be able to use svn in jenkins job directly in a Windows batch command step.
Solution 5
As noted in this comment (which of course I missed when trying to solve this issue) the command line options to ignore certificate verification issues have changed in Subversion 1.9 and you should now use --trust-server-cert-failures.
Example:
--non-interactive --trust-server-cert-failures unknown-ca,cn-mismatch,expired,not-yet-valid,other
Here is the relevant inline help from svn 1.13:
--trust-server-cert : deprecated; same as --trust-server-cert-failures=unknown-ca
--trust-server-cert-failures ARG : with --non-interactive, accept SSL server certificates with failures; ARG is comma-separated list of 'unknown-ca' (Unknown Authority), 'cn-mismatch' (Hostname mismatch), 'expired' (Expired certificate), 'not-yet-valid' (Not yet valid certificate) and 'other' (all other not separately classified certificate errors).
Shaun
Updated on July 05, 2022Comments
-
Shaun almost 2 years
I am getting below error when running a target of ANT script. Error message saying that "server certificate verification is failed". Please help how to remove this problem. I am working in Windows XP.
C:\apache-ant-1.8.1>ant checkout Buildfile: C:\Program Files\Java\apache-ant-1.8.1\build.xml checkout: [svn] Using command line interface Svn : Checking out a working copy from a repository : co -r HEAD https://col.../trunk C:\ant-1.8.1\Test_Checkout --username 69 --password *******--non-interactive svn: PROPFIND request failed on '/svn/asia-pac-financials/trunk' svn: PROPFIND of '/sv.../trunk': Server certificate verification failed: issuer is not trusted (https://col....com) BUILD FAILED C:\apache-ant-1.8.1\build.xml:16: Can't checkout Total time: 3 seconds -
emmanuel honore over 12 yearsI added also a example script for PHP here: php.net/manual/en/function.svn-auth-set-parameter.php#104300 for the same problem.
-
ken over 12 yearsThis is the best solution for automated scripts, which won't normally have the luxury of the steps outlined in the accepted answer. It should be noted though that blindly accepting SSL certs basically defeats the entire purpose of SSL, and thus can open you up to MitM attacks.
-
Andrew almost 12 yearsRather than checking out manually I just run
svn list https://your.repository.urlfrom Terminal (Mac) / Command Line (Win) to get the option to accept the certificate permanently. -
Kayser over 11 yearsHow can I add this option, if I use maven scm plugin?
-
Volker Stolz over 11 yearsCan you explain how your code solves his problem? Also, you might want to improve the layout (white-spacing) a bit.
-
Andrey Sboev over 11 yearsthis doesn't work if server sends you certificate with hostname value which differs from actual server hostname
-
Tim Büthe over 10 yearsI have the same problem as Andrey: The validation still fails if the name doesn't match.
-
locke almost 10 yearsOn OS X I needed to use sudo with the svn list command, otherwise selecting (p)ermanent didn't seem to work. -
Stefan over 9 yearsI replaced svn://repos.server.url with https://repos.server.url, only than I got asked to accept the SSL certificate.
-
TechFanDan over 7 yearsUpdated my certs this evening on our SVN server and got this. The cert is trusted per the browser. Why is the SVN client freaking out all of a sudden? Used your trick to solve my issue.
-
cedd almost 5 years--trust-server-cert is deprecated now, and doesn't work as it used to. The equivalent parameter is--trust-server-cert-failures=unknown-ca,cn-mismatch,expired,not-yet-valid,other. See svnbook.red-bean.com/en/1.7/svn.ref.svn.c.commit.html -
Gary Brunton over 4 years@cedd comment worked for me although I can't find any official documentation about it. I did find github.com/MicrosoftDocs/vsts-docs/issues/3681 but that's not from Subversion.
-
Coolio2654 about 4 yearsThis successfully helped me install svn on El Capitan.
-
buzz3791 about 3 yearsIf you're running as the default Windows NT service user (Local System Account i.e. "nt authority\system"), then you'll need to use psexec to open a cmd.exe as this Windows user and run an interactive svn.exe command like "svn --username yourSvnUser list yourSvnUrl" so that you can accept the SVN server's SSL certificate. Afterwards, you can run "svn auth" to check the stored credentials cache. See stackoverflow.com/questions/77528/…
