I wrote a HOWTO on configuring and using Subversion. I think it's quite straightforward. It includes:
- authentication over SSL (with Apache2),
- permission management,
- multiple repositories handling,
- as well as hints for every-day work in command line and GUI.

A definite must-read for everyone who thinks SVN is too complex to set up at home :P

Here is a link to the HOWTO: http://polishlinux.org/apps/subversion-howto/

I hope it's useful.

Thanks, thats going into my bookmarks, and with your permission, my list of translation todo's.

The binary "apache2-ssl-certificate" doesn't exist on my system. I installed Apache http by letting FC5 lay it down during OS installation.

Thanks, thats going into my bookmarks, and with your permission, my list of translation todo's.

No problem. Just link to the original text and mention the author when you do your translation.

The binary "apache2-ssl-certificate" doesn't exist on my system. I installed Apache http by letting FC5 lay it down during OS installation. I'm not sure what that binary does exactly, but it shouldn't be too hard to figure out how to do it with OpenSSL directly...

OK, after reading the howto, this should work:

openssl req -new -newkey rsa:2048 -keyout key.pem -x509 -set_serial 1000 -days 365 -out cert.pem
cat key.pem cert.pem >/etc/apache2/ssl/Apache2.pem
rm key.pem cert.pem The "openssl req" command will ask you a bunch of questions. If you add a "-nodes" argument to it, that's the easiest way to get Apache to start automatically. (If you don't add that argument, then the "req" command will prompt you (twice) for a passphrase, and you will have to either type the passphrase into Apache whenever it starts, or set up a script to echo the passphrase, and Apache will run your script and read the passphrase that it echoes. This is documented in the Apache config file reference.) Note that a -nodes file means that anyone can impersonate your server just by getting the file -- if you give it a passphrase, then they'd have to know the passphrase also.

Anyway, either way, the "req" command will ask you a bunch of other questions in order to build a "distinguished name" (presumably the apache2-ssl-certificate program will have openssl ask you these same questions). Most of them don't matter (can be left blank, by inputting a single period), but I'd at least set the Country one. The "Common name (i.e. YOUR name)" field needs to be set to your machine's FQDN (otherwise https browsers will warn their users when their users try to browse your site -- of course users will already be warned because this is a self-signed cert, not signed by a trusted authority, but if the CN doesn't match the DNS name, then they'll be warned about two different things).

This ends up creating a cert that's good for one year (-days 365). The cat simply creates a single file (with the same filename that apache2-ssl-certificate apparently uses) that contains both the private key and certificate (this is what Apache's SSLCertificateFile directive looks for).

No problem. Just link to the original text and mention the author when you do your translation

That is general etiquet ( I hope I spelled that right ). It'll take a while before I get to translating though.

I'm not sure what that binary does exactly, but it shouldn't be too hard to figure out how to do it with OpenSSL directly...

OK, after reading the howto, this should work:

openssl req -new -newkey rsa:2048 -keyout key.pem -x509 -set_serial 1000 -days 365 -out cert.pem
cat key.pem cert.pem >/etc/apache2/ssl/Apache2.pem
rm key.pem cert.pem The "openssl req" command will ask you a bunch of questions. If you add a "-nodes" argument to it, that's the easiest way to get Apache to start automatically. (If you don't add that argument, then the "req" command will prompt you (twice) for a passphrase, and you will have to either type the passphrase into Apache whenever it starts, or set up a script to echo the passphrase, and Apache will run your script and read the passphrase that it echoes. This is documented in the Apache config file reference.) Note that a -nodes file means that anyone can impersonate your server just by getting the file -- if you give it a passphrase, then they'd have to know the passphrase also.

Anyway, either way, the "req" command will ask you a bunch of other questions in order to build a "distinguished name" (presumably the apache2-ssl-certificate program will have openssl ask you these same questions). Most of them don't matter (can be left blank, by inputting a single period), but I'd at least set the Country one. The "Common name (i.e. YOUR name)" field needs to be set to your machine's FQDN (otherwise https browsers will warn their users when their users try to browse your site -- of course users will already be warned because this is a self-signed cert, not signed by a trusted authority, but if the CN doesn't match the DNS name, then they'll be warned about two different things).

This ends up creating a cert that's good for one year (-days 365). The cat simply creates a single file (with the same filename that apache2-ssl-certificate apparently uses) that contains both the private key and certificate (this is what Apache's SSLCertificateFile directive looks for).

Thanks for that. I updated the article suggesting using openssl directly when we script is not available.