I recently installed a Subversion server on my WHS box. In the past I've usually installed and configured Apache and mod_svn myself, but this time I decided to use the pre-packaged version from the people behind VisualSVN.
This version still uses Apache as the server however. Now I don't like sending passwords in the clear over the net, especially to things like a source repository. The default install of VisualSVN does support SSL and comes with an SSL cert that you can use. However, since I have a cert for my WHS box anyway I thought it would be nice to be able to reuse that. In the end it was quite easy, the steps are below.
- Download OpenSSL from http://www.slproweb.com/products/Win32OpenSSL.html. You can download the Light version for this.
- Install on the machine you are going to work on (I did this on my desktop, doesn’t have to be WHS).
- Ensure that the OpenSSL bin directory is in your path (makes things easier)
- Export the cert from IIS or certmgr.msc on the WHS
- In IIS go to site properties for the WHS site and then directory security and click the server certificate button
- Then select export a current certificate and give it a filename
- Make sure you export the private key along with the cert (IIS export does this automatically) but using certmgr.msc you'll need to select it
- Use OpenSSL to extract the private key and cert
- First export the key into a passworded file, then export the cert, finally remove the password from the key so Apache / VisualSVN can use it
- openssl pkcs12 –in mycert.pfx –nocerts –out key.pem
- openssl pkcs12 –in mycert.pfx –clcerts –nokeys –out cert.pem
- openssl rsa –in key.pem –out server.key
- Finally you have a cert (cert.pem) and key (server.key) you can use with Apache and VisualSVN. Just update the httpd.conf files to use those files. I dropped them into c:\certs on my box so I can share them between multiple apps.
Print | posted on Tuesday, June 10, 2008 6:12 PM