On OSX, the [global] ssl-trust-default-ca = true option has no effect, because the openssl installation has no default trusted root certs; they're all stashed away in the Keychain app. The expedient thing to do is simply to check the fingerprint and accept the cert.
I from experience have always just bought a new SSL certificate as opposed to renewing them, as this seems to bring about less conflicts (and a more familiar process to me). I've installed my latest new SSL certs from SSL247.com, although this is an interesting bit of code for Subversion.
On OSX, the [global] ssl-trust-default-ca = true option has no effect, because the openssl installation has no default trusted root certs; they're all stashed away in the Keychain app. The expedient thing to do is simply to check the fingerprint and accept the cert.
ReplyDeleteI from experience have always just bought a new SSL certificate as opposed to renewing them, as this seems to bring about less conflicts (and a more familiar process to me). I've installed my latest new SSL certs from SSL247.com, although this is an interesting bit of code for Subversion.
ReplyDelete