Friday, October 05, 2007

svn + apache + ssl

http://apacheworld.org/ty24/site.chapter17.html

To have a working SSL server implementation, the first step is to create a server certificate. This section explains in detail how to create and manage certificates and keys by using the openssl command-line tool.

You must have a public/private key pair before you can create a certificate request.

# /usr/local/ssl/install/bin/openssl genrsa -des3 -rand file1:file2:file3 \
-out www.example.com.key 1024

To write a copy of the key without the passphrase:

# /usr/local/ssl/install/bin/openssl rsa -in www.example.com.key \
-out www.example.com.key.unsecure

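Creating a Self-Signed Certificate

The following command signs the certificate request www.example.com.csr with your own key, producing a certificate that is valid for 30 days:

# /usr/local/ssl/install/bin/openssl x509 -req -days 30 \
-in www.example.com.csr -signkey www.example.com.key \
-out www.example.com.cert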

You need to copy your certificate www.example.com.cert (either the one returned by the CA or your self-signed one) to /usr/local/ssl/install/openssl/certs/ and your key to /usr/local/ssl/install/openssl/private/.

Protect your key file by issuing the following command:

# chmod 400 www.example.com.key

Configure Apache (as suggested on subversion.tigris.org)


ServerName DOMAIN.com
ErrorLog /var/www/logs/error-ssl.log
CustomLog /var/www/logs/access-ssl.log combined

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


DAV svn
# individual repos under here
SVNParentPath /var/svn
# AuthzSVNAccessFile /var/svn/policy # if you wish

Order allow,deny
Allow from all

# example authentication setup
Require valid-user
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /var/svn/htpasswd
Satisfy Any
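
A hardened variant of the virtual host above, as an added example that is not from the original post or from subversion.tigris.org. It keeps the Apache 2.2 access-control syntax of the original and shows the two weak settings in comments beside their replacements. The VirtualHost address, the Location path and the SSLProtocol line are assumptions, since the post shows none of them.

```apache
# Added example (not from the original post). The VirtualHost address and the
# Location path are assumptions: the post does not show its container tags.
<VirtualHost *:443>
    ServerName DOMAIN.com
    ErrorLog /var/www/logs/error-ssl.log
    CustomLog /var/www/logs/access-ssl.log combined

    SSLEngine on

    # Assumption: the post has no SSLProtocol line. Refuse SSLv2 and SSLv3.
    SSLProtocol all -SSLv2 -SSLv3

    # Weak (from the post): the list starts from ALL and removes only ADH and
    # EXPORT56, so 40-bit export, LOW and SSLv2 suites stay enabled. The "+"
    # entries only move suites to the end of the preference list.
    #   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # Corrected: strong suites only, no anonymous or unencrypted suites.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5

    SSLCertificateFile conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.key

    <Location /svn>
        DAV svn
        # individual repos under here
        SVNParentPath /var/svn

        Order allow,deny
        Allow from all

        # Weak (from the post): "Satisfy Any" combined with "Allow from all"
        # admits every host without a password, so "Require valid-user"
        # never triggers while AuthzSVNAccessFile is commented out.
        #   Satisfy Any
        # Corrected: leave Satisfy at its default (All), so every request
        # must authenticate, and the password only travels over SSL.
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile /var/svn/htpasswd
        Require valid-user
    </Location>
</VirtualHost>
```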

