Solved svn.freebsd.org - Certificate error?

Is anybody else seeing this?

Code:
root@storezilla2:/usr/src # svn checkout https://svn.freebsd.org/base/stable/11
Error validating server certificate for 'https://svn.freebsd.org:443':
- The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
- Hostname: svn.freebsd.org
- Valid: from May  1 20:26:50 2018 GMT until Jul 30 20:26:50 2018 GMT
- Issuer: Let's Encrypt Authority X3, Let's Encrypt, US
- Fingerprint: 91:B4:F6:CA:ED:1D:7C:EA:C1:F9:33:A5:36:27:C0:7D:E6:2E:6B:AA
(R)eject, accept (t)emporarily or accept (p)ermanently?

I wonder why Let's Encrypt is marked as untrusted.
 
Yes, I have:

Code:
root@storezilla2:/usr/src # pkg info ca_root_nss
ca_root_nss-3.37.3
Name           : ca_root_nss
Version        : 3.37.3
Installed on   : Sun Jun 10 00:16:11 2018 PDT
Origin         : security/ca_root_nss
Architecture   : FreeBSD:10:*
Prefix         : /usr/local
Categories     : security
Licenses       : MPL20
Maintainer     : ports-secteam@FreeBSD.org
WWW            : UNKNOWN
Comment        : Root certificate bundle from the Mozilla Project
Options        :
    ETCSYMLINK     : off
Annotations    :
Flat size      : 787KiB
Description    :
Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.

This port directly tracks the version of NSS in the security/nss port.
 
I found the solution:

Code:
===> The following configuration options are available for ca_root_nss-3.37.3:
     ETCSYMLINK=on: Add symlink to /etc/ssl/cert.pem

The option to insert the symlink into /etc/ssl/cert.pem must be checked, otherwise you may see the error I have seen. I changed the option, rebuild ca_root_nss and all is good now.
 
  • Thanks
Reactions: aaa
That option is on by default.

All I can say that it was not on for this machine, whatever the reason. It is quite an old system, having been installed in 2012 originally (FreeBSD 8.3 at the time), which may or may not make a difference. Sometimes, Voodoo is as good an explanation as any. ;-)
 
  • Thanks
Reactions: aaa
Back
Top