New Certificate Installed; llvm.org Back Up; Issues Linger

Dear All,

The good news is that the new llvm.org SSL certificate is installed and appears to be configured correctly.

The bad news is that some machines seem to recognize the intermediate SSL certificate (which is apparently used to sign the SSL certificates UIUC buys starting this year) while others do not. In particular, our internal Linux machines show no errors, while our Macs and llvm.org's SVN client do.

If you see this error message:

Error validating server certificate for 'https://llvm.org:443':
  - The certificate is not issued by a trusted authority. Use the
    fingerprint to validate the certificate manually!
Certificate information:
  - Hostname: llvm.org
  - Valid: from Tue, 21 Jun 2011 00:00:00 GMT until Fri, 20 Jun 2014 23:59:59 GMT
  - Issuer: InCommon, Internet2, US
  - Fingerprint: 3e:a5:0e:1c:c8:fb:71:41:06:71:e8:ac:fc:c5:be:97:4a:21:01:2e
(R)eject, accept (t)emporarily or accept (p)ermanently?

... then your client is not happy with the intermediate SSL certificate, but you should be able to accept the certificate and continue using SVN.

I've decided to keep the new SSL certificate installed since a cert that works for some (hopefully most) LLVM users is better than an expired cert that flags a warning for everyone (Tanya, if you disagree, please feel free to revert the change). In the meantime, I'll talk to the IT people who renewed our certificate and see if they know what's causing this issue.

Sorry for the inconvenience.

-- John T.

Dear All,

The good news is that the new llvm.org SSL certificate is installed and
appears to be configured correctly.

As a followup to this, I discovered that I was using the MacPorts version of the svn client on our Mac OS X system. Using the svn client in /usr/bin/svn seems to recognize the certificate just fine.

The pattern that I'm seeing is that newer versions of svn (e.g., 1.6.13 and 1.6.16) seem to work while older versions (1.5.4 and 1.6.12) do not.

If you're having trouble with the new certificate, upgrading svn might fix it.

-- John T.

Any issues with permanently accepting the intermediate certificate, which I did this morning,
when getting the message?

Thanks in advance

Garrison

Any issues with permanently accepting the intermediate certificate, which I did this morning,
when getting the message?

No, I haven't seen any issues with just permanently accepting the certificate. It's just that not needing to override a certificate warning is more ideal (and safer).

-- John T.