LetsEncrypt server certificate causing problems when Internet is down
Kenneth Porter
Jan 9, 2020, 1:42:13 PM
to TortoiseSVN
My company lost its Internet connection over the holidays when the ISP decided to replace the telephone cabinet down the street after a drunk clobbered it. Alas, phone companies won't provide a good estimate of when the service will return.
My Windows clients in the office are having trouble connecting to the server using any Subversion client, including Tortoise. (We also use the SlikSvn command line client.) Server operations hang for minutes and then time out. Tortoise tells me it can't confirm the validity of the server's LetsEncrypt certificate. I can browse the repo just fine with Firefox. I'm guessing that without the Internet connection, the Subversion clients won't trust the LetsEncrypt cert. Is there some place I can put their cert chain file so that Tortoise and the command line clients can use it? Server is Apache 2.4 on CentOS 7.
David Balažic
Jan 10, 2020, 6:20:01 AM
to TortoiseSVN
It may be trying to check if the certificate was revoked.
There _might_ be an option to turn this check off, but it is obviously a bad practice from a security standpoint.
Kenneth Porter
Jan 10, 2020, 6:25:53 AM
to TortoiseSVN
I control the gateway and DNS, so perhaps I can intercept that check from there until my Internet comes back up. What does that check look like? A web request to a particular hostname?
David Balažic
Jan 10, 2020, 9:48:06 AM
to TortoiseSVN on behalf of Kenneth Porter
The URL for the CRL (and OCSP) is typically in the certificate itself.
Just open it (on Windows) or list the properties with the openssl tool or similar.
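
The lookup described in the last reply, as an added example that is not part of the original thread: it lists the OCSP, CA Issuers and CRL URLs a certificate carries and the hostnames behind them. The function names and every `example.test` value are constructed for illustration; the sample certificate is generated locally so the script runs offline, and `revocation_urls` can be pointed at the PEM file the server actually presents.

```shell
#!/bin/sh
# Added example (not from the thread). All example.test names are constructed.

# Create a throwaway self-signed certificate that carries revocation pointers.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=svn.example.test" \
        -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.test,caIssuers;URI:http://ca.example.test/ca.der" \
        -addext "crlDistributionPoints=URI:http://crl.example.test/ca.crl" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# Print "<kind> <url>" for each URL in the Authority Information Access
# and CRL Distribution Points extensions of the PEM certificate in $1.
revocation_urls() {
    openssl x509 -in "$1" -noout -text | awk '
        /Authority Information Access/ { sect = "aia"; next }
        /CRL Distribution Points/      { sect = "crl"; next }
        /X509v3 |Signature Algorithm/  { sect = "" }
        sect == "aia" && /OCSP - URI:/       { sub(/.*URI:/, ""); print "ocsp", $1 }
        sect == "aia" && /CA Issuers - URI:/ { sub(/.*URI:/, ""); print "issuer", $1 }
        sect == "crl" && /URI:/              { sub(/.*URI:/, ""); print "crl", $1 }'
}

# Reduce those URLs to the unique hostnames a validating client would contact.
revocation_hosts() {
    revocation_urls "$1" | awk '{ print $2 }' |
        sed -e 's|^[a-z]*://||' -e 's|[/:].*$||' | sort -u
}

# Demo run against the constructed certificate.
tmp=$(mktemp -d)
make_sample_cert "$tmp/cert.pem"
revocation_urls "$tmp/cert.pem"
revocation_hosts "$tmp/cert.pem"
rm -rf "$tmp"
```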