{"id":73,"date":"2009-03-25T11:12:06","date_gmt":"2009-03-25T09:12:06","guid":{"rendered":"http:\/\/bergs.biz\/blog\/?p=73"},"modified":"2009-03-25T11:12:06","modified_gmt":"2009-03-25T09:12:06","slug":"mac-os-x-svn-client-doesnt-know-about-common-ca-certs","status":"publish","type":"post","link":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/","title":{"rendered":"Mac OS X &#8220;svn&#8221; client doesn&#8217;t know about common CA certs"},"content":{"rendered":"<p>I recently stumbled across a problem with Mac OS X Leopard&#8217;s &#8220;svn&#8221; (Subversion) client which doesn&#8217;t know about common root CAs (such as Thawte in my case,) even tho they are in the system keychain (which you can view using &#8220;Keychain Access.&#8221;)<\/p>\n<p>It turned out that it only uses the certificates it find in <code>\/System\/Library\/OpenSSL\/certs<\/code>.<\/p>\n<p>The strange thing is that the Thawte certificate in fact is already present on Mac OS, but it&#8217;s inside <code>\/usr\/share\/curl\/curl-ca-bundle.crt<\/code>, which svn doesn&#8217;t know about. So what I did to make it work is the following:<\/p>\n<p>I extracted the certificate from <code>\/usr\/share\/curl\/curl-ca-bundle.crt<\/code> and copied it to <code>\/tmp\/thawte.pem<\/code>. I then determined the hash of the certificate as follows and created a link to the original certificate bundle (as superuser!):<\/p>\n<pre>#openssl x509 -in \/tmp\/thawte.pem -noout -hash\r\nddc328ff\r\n#ln -s \/usr\/share\/curl\/curl-ca-bundle.crt \/System\/Library\/OpenSSL\/certs\/ddc328ff.0\r\n<\/pre>\n<p>Voil\u00e0! Now I could connect to our Subversion repository without receiving a warning like the following:<\/p>\n<pre>Error validating server certificate for 'https:\/\/our.repos.de:443':\r\n- The certificate is not issued by a trusted authority. Use the\r\nfingerprint to validate the certificate manually!\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>I recently stumbled across a problem with Mac OS X Leopard&#8217;s &#8220;svn&#8221; (Subversion) client which doesn&#8217;t know about common root CAs (such as Thawte in my case,) even tho they are in the system keychain (which you can view using &#8220;Keychain Access.&#8221;) It turned out that it only uses the certificates it find in \/System\/Library\/OpenSSL\/certs. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,27],"tags":[38,37,36,35],"class_list":["post-73","post","type-post","status-publish","format-standard","hentry","category-computers","category-mac-computers","tag-ca","tag-cert","tag-ssl","tag-svn"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Mac OS X &quot;svn&quot; client doesn&#039;t know about common CA certs - Ralf&#039;s Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mac OS X &quot;svn&quot; client doesn&#039;t know about common CA certs - Ralf&#039;s Blog\" \/>\n<meta property=\"og:description\" content=\"I recently stumbled across a problem with Mac OS X Leopard&#8217;s &#8220;svn&#8221; (Subversion) client which doesn&#8217;t know about common root CAs (such as Thawte in my case,) even tho they are in the system keychain (which you can view using &#8220;Keychain Access.&#8221;) It turned out that it only uses the certificates it find in \/System\/Library\/OpenSSL\/certs. [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/\" \/>\n<meta property=\"og:site_name\" content=\"Ralf&#039;s Blog\" \/>\n<meta property=\"article:published_time\" content=\"2009-03-25T09:12:06+00:00\" \/>\n<meta name=\"author\" content=\"Ralf Bergs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ralfbergs\" \/>\n<meta name=\"twitter:site\" content=\"@ralfbergs\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ralf Bergs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2009\\\/03\\\/25\\\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2009\\\/03\\\/25\\\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\\\/\"},\"author\":{\"name\":\"Ralf Bergs\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#\\\/schema\\\/person\\\/354e37390b493c875f972bd313d29201\"},\"headline\":\"Mac OS X &#8220;svn&#8221; client doesn&#8217;t know about common CA certs\",\"datePublished\":\"2009-03-25T09:12:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2009\\\/03\\\/25\\\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\\\/\"},\"wordCount\":151,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#\\\/schema\\\/person\\\/354e37390b493c875f972bd313d29201\"},\"keywords\":[\"ca\",\"cert\",\"ssl\",\"svn\"],\"articleSection\":[\"Computers\",\"Mac\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/bergs.biz\\\/blog\\\/2009\\\/03\\\/25\\\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2009\\\/03\\\/25\\\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\\\/\",\"url\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2009\\\/03\\\/25\\\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\\\/\",\"name\":\"Mac OS X \\\"svn\\\" client doesn't know about common CA certs - Ralf&#039;s Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#website\"},\"datePublished\":\"2009-03-25T09:12:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2009\\\/03\\\/25\\\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/bergs.biz\\\/blog\\\/2009\\\/03\\\/25\\\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/2009\\\/03\\\/25\\\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mac OS X &#8220;svn&#8221; client doesn&#8217;t know about common CA certs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/\",\"name\":\"Ralf's Blog\",\"description\":\"Just another WordPress weblog\",\"publisher\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#\\\/schema\\\/person\\\/354e37390b493c875f972bd313d29201\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/#\\\/schema\\\/person\\\/354e37390b493c875f972bd313d29201\",\"name\":\"Ralf Bergs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/Ralf-Tower-2026-1024x1024.jpg\",\"url\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/Ralf-Tower-2026-1024x1024.jpg\",\"contentUrl\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/Ralf-Tower-2026-1024x1024.jpg\",\"width\":1024,\"height\":1024,\"caption\":\"Ralf Bergs\"},\"logo\":{\"@id\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/Ralf-Tower-2026-1024x1024.jpg\"},\"description\":\"Geek, computer guy, licensed and certified electrical and computer engineer, husband, best daddy.\",\"sameAs\":[\"https:\\\/\\\/bergs.biz\\\/\",\"https:\\\/\\\/linkedin.com\\\/in\\\/ralfbergs\\\/\",\"https:\\\/\\\/x.com\\\/ralfbergs\"],\"url\":\"https:\\\/\\\/bergs.biz\\\/blog\\\/author\\\/rabe\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Mac OS X \"svn\" client doesn't know about common CA certs - Ralf&#039;s Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/","og_locale":"en_US","og_type":"article","og_title":"Mac OS X \"svn\" client doesn't know about common CA certs - Ralf&#039;s Blog","og_description":"I recently stumbled across a problem with Mac OS X Leopard&#8217;s &#8220;svn&#8221; (Subversion) client which doesn&#8217;t know about common root CAs (such as Thawte in my case,) even tho they are in the system keychain (which you can view using &#8220;Keychain Access.&#8221;) It turned out that it only uses the certificates it find in \/System\/Library\/OpenSSL\/certs. [&hellip;]","og_url":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/","og_site_name":"Ralf&#039;s Blog","article_published_time":"2009-03-25T09:12:06+00:00","author":"Ralf Bergs","twitter_card":"summary_large_image","twitter_creator":"@ralfbergs","twitter_site":"@ralfbergs","twitter_misc":{"Written by":"Ralf Bergs","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/#article","isPartOf":{"@id":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/"},"author":{"name":"Ralf Bergs","@id":"https:\/\/bergs.biz\/blog\/#\/schema\/person\/354e37390b493c875f972bd313d29201"},"headline":"Mac OS X &#8220;svn&#8221; client doesn&#8217;t know about common CA certs","datePublished":"2009-03-25T09:12:06+00:00","mainEntityOfPage":{"@id":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/"},"wordCount":151,"commentCount":0,"publisher":{"@id":"https:\/\/bergs.biz\/blog\/#\/schema\/person\/354e37390b493c875f972bd313d29201"},"keywords":["ca","cert","ssl","svn"],"articleSection":["Computers","Mac"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/","url":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/","name":"Mac OS X \"svn\" client doesn't know about common CA certs - Ralf&#039;s Blog","isPartOf":{"@id":"https:\/\/bergs.biz\/blog\/#website"},"datePublished":"2009-03-25T09:12:06+00:00","breadcrumb":{"@id":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/bergs.biz\/blog\/2009\/03\/25\/mac-os-x-svn-client-doesnt-know-about-common-ca-certs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/bergs.biz\/blog\/"},{"@type":"ListItem","position":2,"name":"Mac OS X &#8220;svn&#8221; client doesn&#8217;t know about common CA certs"}]},{"@type":"WebSite","@id":"https:\/\/bergs.biz\/blog\/#website","url":"https:\/\/bergs.biz\/blog\/","name":"Ralf's Blog","description":"Just another WordPress weblog","publisher":{"@id":"https:\/\/bergs.biz\/blog\/#\/schema\/person\/354e37390b493c875f972bd313d29201"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/bergs.biz\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/bergs.biz\/blog\/#\/schema\/person\/354e37390b493c875f972bd313d29201","name":"Ralf Bergs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/bergs.biz\/blog\/wp-content\/uploads\/2026\/04\/Ralf-Tower-2026-1024x1024.jpg","url":"https:\/\/bergs.biz\/blog\/wp-content\/uploads\/2026\/04\/Ralf-Tower-2026-1024x1024.jpg","contentUrl":"https:\/\/bergs.biz\/blog\/wp-content\/uploads\/2026\/04\/Ralf-Tower-2026-1024x1024.jpg","width":1024,"height":1024,"caption":"Ralf Bergs"},"logo":{"@id":"https:\/\/bergs.biz\/blog\/wp-content\/uploads\/2026\/04\/Ralf-Tower-2026-1024x1024.jpg"},"description":"Geek, computer guy, licensed and certified electrical and computer engineer, husband, best daddy.","sameAs":["https:\/\/bergs.biz\/","https:\/\/linkedin.com\/in\/ralfbergs\/","https:\/\/x.com\/ralfbergs"],"url":"https:\/\/bergs.biz\/blog\/author\/rabe\/"}]}},"_links":{"self":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts\/73","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/comments?post=73"}],"version-history":[{"count":0,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/posts\/73\/revisions"}],"wp:attachment":[{"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/media?parent=73"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/categories?post=73"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bergs.biz\/blog\/wp-json\/wp\/v2\/tags?post=73"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}