How to Automatically Accept SSL Certificates in SVN Command Line for Non-Interactive Workflows



When working with SVN (Subversion) command line tools, developers frequently encounter SSL certificate verification prompts during operations like checkout or update. This becomes particularly problematic in automated scripts and CI/CD pipelines where interactive responses aren't possible.

Subversion handles SSL certificates through its configuration files. The servers file in your SVN config directory contains settings for SSL certificate handling. By default, it's configured to prompt for certificate acceptance.

Add these settings to your ~/.subversion/servers file (Linux/Mac) or %APPDATA%\Subversion\servers (Windows):

[global]
ssl-trust-default-ca = yes
ssl-authority-files = /path/to/certificate.pem
store-ssl-client-cert-pp = no
store-passwords = no
store-plaintext-passwords = no

For one-time acceptance during an operation:

svn --trust-server-cert --non-interactive checkout https://example.com/svn/repo

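To make the trust setting permanent, append it to the servers file. The line lands in whichever section comes last in the file, so confirm that is [global] or the host group you intend: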

echo "ssl-trust-default-ca = yes" >> ~/.subversion/servers

For fine-grained control over specific hosts:

[groups]
trusted-hosts = *.example.com, svn.internal.net

[trusted-hosts]
ssl-trust-default-ca = yes
ssl-authority-files = /etc/ssl/certs/ca-certificates.crt
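
How a hostname resolves to its effective settings under the [groups] layout above, as an added Python example (not code from the original article or from the Subversion project). The sample file is constructed, fnmatch approximates Subversion's own glob matching, and letting the first matching group win is an assumption of this sketch.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed sample modelled on the servers settings shown above.
SAMPLE_SERVERS = """\
[groups]
trusted-hosts = *.example.com, svn.internal.net

[trusted-hosts]
ssl-trust-default-ca = yes
ssl-authority-files = /etc/ssl/certs/ca-certificates.crt

[global]
ssl-trust-default-ca = no
store-plaintext-passwords = no
"""

def load_servers(text):
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.optionxform = str  # keep group names exactly as written
    cfg.read_string(text)
    return cfg

def matching_groups(cfg, host):
    """Every [groups] entry with a pattern matching host, in file order."""
    if not cfg.has_section("groups"):
        return []
    return [name for name, patterns in cfg.items("groups")
            if any(fnmatchcase(host.lower(), p.strip().lower())
                   for p in patterns.split(","))]

def effective_settings(cfg, host):
    """[global] overlaid by the first matching group (assumption: first wins)."""
    settings = dict(cfg.items("global")) if cfg.has_section("global") else {}
    groups = matching_groups(cfg, host)
    if groups and cfg.has_section(groups[0]):
        settings.update(cfg.items(groups[0]))
    return groups, settings

def findings(cfg, host):
    """Flag settings worth a second look before an unattended run."""
    groups, s = effective_settings(cfg, host)
    out = []
    if len(groups) > 1:
        out.append("ambiguous: host matches groups " + ", ".join(groups))
    if s.get("ssl-trust-default-ca") == "no" and not s.get("ssl-authority-files"):
        out.append("no CA trusted: uncached certificates will be rejected")
    if s.get("store-plaintext-passwords") == "yes":
        out.append("passwords may be cached in plaintext")
    return out
```

Calling findings(load_servers(text), host) on the real file contents for each repository host a pipeline uses shows which hosts fall through to [global] and which match more than one group.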

While convenient, automatic certificate acceptance reduces security. Consider these alternatives:

  • Pre-install the certificate in your system's trust store
  • Use the ssl-authority-files option to specify known certificates
  • Configure certificate pinning for critical repositories

If changes don't take effect:

  1. Verify the correct config file location for your OS
  2. Check for multiple SVN installations
  3. Ensure proper file permissions (600 on Linux/Mac)
  4. Clear any cached credentials

When working with SVN (Subversion) command-line tools, encountering SSL certificate prompts can disrupt automation workflows. This commonly occurs when accessing repositories over HTTPS for the first time:

$ svn checkout https://example.com/svn/repo
Error validating server certificate for 'https://example.com:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually...
(R)eject, accept (t)emporarily or accept (p)ermanently?

To automatically accept certificates without manual intervention, use the --trust-server-cert and --non-interactive flags together:

svn checkout https://example.com/svn/repo --trust-server-cert --non-interactive

This combination tells SVN to:

  1. Trust the server certificate without prompting
  2. Run in non-interactive mode (no user input required)

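For permanent settings across all commands, modify the [global] section of your SVN servers file (typically at ~/.subversion/servers); these options control caching of credentials and client-certificate passphrases: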

[global]
store-ssl-client-cert-pp = yes
store-passwords = yes
store-auth-creds = yes

While convenient, automatic certificate acceptance has security implications:

  • Bypasses certificate validation checks
  • Vulnerable to man-in-the-middle attacks
  • Only recommended for trusted internal repositories

For better security, manually cache the certificate first, then automate subsequent operations:

# First run (manual acceptance):
svn ls https://example.com/svn --username yourname --password yourpass
# Accept certificate permanently when prompted

# Subsequent runs (automated):
svn checkout https://example.com/svn/repo --username yourname --password yourpass --non-interactive

For scripting multiple repository operations:

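#!/bin/bash
# Stop at the first failed svn command or unset variable
set -euo pipefail

REPO_URL="https://example.com/svn"
# An array keeps each option a separate word when expanded
SVN_CMD=(svn --trust-server-cert --non-interactive)

"${SVN_CMD[@]}" checkout "$REPO_URL/repo1" /path/to/local1
"${SVN_CMD[@]}" checkout "$REPO_URL/repo2" /path/to/local2
"${SVN_CMD[@]}" update /path/to/existing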

Remember to set appropriate permissions on any scripts containing credentials.