How to allow self signed cert in Mercurial through server configuration?
https://stackoverflow.com/questions/7882666
-
11-02-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've read similiar questions here and elsewhere. This is not intended to be a duplicate, but I haven't found the answer.
I'm trying to ask a very particular question, so please don't mark this as duplicate unless you can point me somewhere with a very specific correct answer.
I'm running CentOS 6 and I have Mercurial 1.9 installed as our Mercurial Server.
I can add repositories and and I can clone, and commit changes, and push back to the server with no problems as long as I don't try to use SSL.
The apache website is configured with a self signed SSL cert (I am aware of the pros and cons around self signed SSL certs, but we have made the decision to use one unless it is technically impossible).
Our client machines are Windows 7 with TortoiseHG 2.1.4 installed. In Visual Studio 2010 I'm using "Mercurial Source Control Package".
What I would like to do, is make a server configuration change that would either on a server level or repository level allow a self signed certificate.
Per client machine changes are burdensom because even after I update everyones machine, next time I have to setup a new client I have to have these changes documented and remember to go back through the steps.
I've tried the hostfingerprints option but I haven't been able to get it to work. I'm not sure if this is supposed to work as a server configuration or if I'm putting the setting in the correct file or what.
As a side note, I finally found how to turn on --insecure through the TortoiseHG UI (clicking the lock icon), but it looks like the visual studio source control provider doesn't have an option (at least that I can find).
I'm not a Linux expert (but I have access to experts if needed) so please be verbose in your explanations.
Everyone in our organization is an HG novise.
As a last resort, we may just get an SSL cert.
Solution
Jamie F is correct, but I'll put it down here since s/he didn't. There is nothing a server can do to tell a client to trust it -- there would be little point in that. You need to either configure your clients or use a certificate signed by a CA that your client systems already trust.
