![]() ![]() Create or overwrite the following IfModule section so that it appears as follows:.Uncomment or add the load module directive for mod_ssl:.Change the server name to include the SSL port, 443:.Open the nf file in the Apache configuration folder (C:\Program Files\CollabNet Subversion Server\httpd\conf).Copy the svnserver.key and svnserver.cert from the Apache bin folder to the Apache conf folder.Delete the svnserver.csr in the Apache bin folder.Openssl x509 -in svnserver.csr -out svnserver.cert -req -signkey svnserver.key -days 7300 The following command sets the certificate expiration to 20 years. Create the self signed certificate with the following command.Openssl rsa -in svnserver.key -out svnserver.key Enter the passphrase you specified in the last step. Remove the passphrase from the private key with the following command.Openssl req -config nf -new -out svnserver.csr This will create a svnserver.csr and svnserver.key file in the Apache bin folder. Also remember the pass phrase you entered as it will be required for the following step. Be sure to enter the ip address or DNS name of the server when prompted for the common name. Run the following command to generate the private key and certificate request files.Open up a command prompt in the Apache bin folder (C:\Program Files\CollabNet Subversion Server\httpd\bin).Create an OpenSSL configuration file under the Apache bin folder (C:\Program Files\CollabNet Subversion Server\httpd\bin) called nf and set its contents as follows:ĪuthorityKeyIdentifier = keyid:always,issuer:alwaysĭistinguished_name = req_distinguished_name.Note that in TortoiseSVN you can check the "Save Authentication" checkbox to avoid having to repeatedly enter your credentials:.Perform the test noted in step #3 to test connectivity, this time logging in with a user from the domain specified above.Restart the Apache2 service after the nf file has been saved. ![]() You can use this option if there is no AD server. If it is the local server name the local user accounts will be used to authenticate. Be sure to specify the SSPIDomain which can be an AD domain or the local server name. Add the following settings, under "# Active Directory Auth", to the location section.LoadModule sspi_auth_module modules/mod_auth_sspi.so Add the following line to (Or uncomment it in) the Apache configuration file (nf) in the LoadModule section:.Open the nf file in the Apache configuration folder (C:\Program Files\CollabNet Subversion Server\httpd\conf).After unzipping the contents if the zip, copy the mod_auth_sspi.so (In the bin folder) into the Apache modules folder (C:\Program Files\CollabNet Subversion Server\httpd\modules). For example mod_auth_sspi-1.0.4- 2.0.58.zip would be for Apache 2.0.x and mod_auth_sspi-1.0.4- 2.2.2.zip would be for Apache 2.2.x (Thanks to Dan Switzer for pointing this out, I totally missed that!). You will want to match the major and minor Apache build with the version number trailing the SSPI module version number. Browse to the test repository at with a Subversion client and create a folder to verify that everything is setup correctly.Start the Apache service it should be called Apache2.Open a command prompt and run the following command from the CollabNet installation folder (C:\Program Files\CollabNet Subversion Server\) to create a test repository:.The other two options should be set accordingly. Also remember to check the "Install Apache. You can set an arbitrary http port for now it will change when SSL is setup. Make sure that only the Apache (MOD_DAV_SVN) component is checked.Install the latest CollabNet Win32 distribution found here.And thanks to a bunch of people who I cant remember who posted info on the web that helped in compiling these steps! :) BTW, I'm by no means an Apache guru so please leave a comment if I'm missing anything. The following is a step by step installation of Subversion over Apache and SSL authenticating through an Active Directory server or local server accounts. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |