Certificate authentication on smart card with TortoiseSVN


em

Oct 17, 2019, 5:47:22 AM
to TortoiseSVN
Hi,
I am trying to implement certificate authentication with a smart card on my private server.
I have configured Apache with SVN, and I can connect via a web browser to get any file from the repository.
IE, Chrome (via the native Windows certificate system) and FF (via the opensc pkcs11 driver) work fine.
I have two smart cards configured with different certificates coming from the same CA authorized by the server, both working correctly.
This CA is also installed in the system as a trusted root certificate.

The messages described below are my own translation, since I use a non-English version of Windows.
When I try to use TortoiseSVN on the repository, I get a Windows query "please insert smart card" even if the card is already inserted; under the details button I get "card detected, but this is wrong card for operation. There might be missing required software".
When I removed the card and plugged in another one, it was temporarily accepted, then an OS window popped up to select the certificate to be used, then another window asked for the card PIN, but finally it ended with the same window "please insert smart card". Then I could repeat it with the card used at the beginning. Of course I cannot do any operation on the repository.

I am doing tests on Windows 7 x64, with the same results with TortoiseSVN 1.12 and 1.9, both x64.
Do you know a solution for this problem? Is there a way to somehow debug the communication between Tortoise and the Windows certificate API?

em

Oct 17, 2019, 6:25:18 AM
to TortoiseSVN
Hi,
Here is an update. I also tried build 1.9.3, mentioned somewhere in a post, with the same result.
I have also tried to generate a new certificate with the same CA and install it with its private key in the Windows system. TortoiseSVN allows me to select it in the smart card window, but then rejects it.
I have also tried to disable the card API via the registry entry OpenSSLCapi, and then tried to give this certificate in pfx format directly to TortoiseSVN, but it asked again for the file and ended with a generic error "server does not support webdav".
To me this sounds like some OpenSSL issue; please advise how to troubleshoot it further.