You can use an SSL toolkit (such as the one available at https://www.openssl.org) to generate a private key. When generating a private key, keep in mind the following points:
Note: For security purposes, AccuRev recommends that you set
read-only permissions on the private key file.
AccuRev supports the use of both self-signed and trusted certificates. Regardless of which type of certificate you use, AccuRev prompts the user to accept the certificate the first time the user attempts to connect to an AccuRev server that has been SSL-enabled. If the user then accepts the certificate, the certificate is downloaded from the server to the client and stored in the user’s profile directory which is, by default, the .accurev directory. (The location of the user’s profile directory is determined by the current setting of the
USERPROFILE environment variable in Windows and UNIX while, on Linux platforms, the location is in the
/home directory.) The user can then connect to that server in future sessions without being prompted to accept that certificate again, unless the certificate expires or SSL is disabled on the server. If, however, the user should attempt to connect to a different AccuRev server that has been SSL-enabled, the user is also prompted to accept the certificate from that server.
Note: Additional configuration is required if you are using a certificate from a trusted authority. See
Considerations for Using Trusted Certificates for more information.
In this example, C:\Program Files (x86)\AccuRev\bin\ServerCert\AccuRev.crt represents the absolute path to the server’s certificate file,
AccuRev.crt. This path name cannot contain quotes.
After editing the acserver.cnf file, you must restart the AccuRev server to complete the process of encrypting communication between the server and its clients.
In public key encryption, a certificate’s thumbprint (also known as a “fingerprint”) is the SHA1 hash of the binary representation of the certificate converted to a hexadecimal string; it is this string that is used to authenticate a longer public key. The --thumbprint option allows you to specify the certificate’s thumbprint which, if it matches that of the SSL certificate on the AccuRev server, allows the certificate to be accepted automatically. This option is available for both the
enable_ssl command and the
get_certificate command. This feature is particularly useful in situations where a user is not present to accept an SSL certificate.
The --thumbprint option can be used to enable SSL on unattended machines by using a script that executes a command, for example, such as the following:
For more information about the thumbprint command, refer to the descriptions of the
get_certificate and
enable_ssl commands in the AccuRev CLI Help.
If the certificate name or location on the server has changed, the SSL_CERTIFICATE parameter of the
acserver.cnf file must be updated to reflect the new file name or file path. Likewise, the
SSL_PRIVATE_KEY parameter of the
acserver.cnf file must be updated if the private key file name or location has been changed.
After editing the acserver.cnf file, you must restart the server to complete the process of disabling SSL.