Subversion error - certificate verification failed - with CruiseControl.NET
Published to Blog on 9 Mar 2006
A few weeks ago I went through the exercise of downloading and setting up cruise control on my dev machine along with NAnt and some other tools (more on this later). The night before last I spent about 3-4 hours optimizing by build scripts to make them more portable and fine tuned a few things. Yesterday I began applying everything that I learned to a fresh install of Window Server 2003 on our new (used previously as some sort of linux dev box - nobody knows anything about it, it just was there one day) build machine.
I ran into a couple of issues but the most perplexing was one that I struggled with for several hours last night and a couple of hours this morning. It was a problem with doing a subversion update in my Cruise Control .NET script and the error message looked something like:
PROPFIND request failed on '/Projectname'
svn: PROPFIND of '/Projectname': Server certificate verification > failed: issuer is not trusted
I looked up the error via Google and found several good solutions, but none of them that worked for me - my CC.NET script kept throwing the same error no matter what I did. I went to the svn site in a browswer and accepted the certificate, I accessed the repository via svn command line and permanently accepted the certificate, I deleted the repository and created a new checkout with TortoiseSVN (which didn't even ask me to accept the certificate since I had done so before) and many, many more. By all clues it looked like it should have been working fine. If I ran the same command line statements manually that CC.NET was running then it worked well - no error - no issue. But it just wouldn't work when the CC.NET windows service ran the script.
I took a break and thought about it for a minute - everything worked fine for me - I was logged in as "dhounshell". However the CruiseControl.NET service was running under the local service account. That must be it - "dhounshell" had accepted those certificates as valid, but the account running the CC.NET server had not. I changed the service to run under my account and everything worked fine and I got a successful build ! Actually I didn't get a successful build just yet - fixing this error let me get further into the process, which eventually threw another error. Fixing that one let me get further into the process, which then threw another error. Rinse and repeat. Eventually I did get a succesful build on the new build server, though. And all is well with the world.