For a project with some friends, we’ve set up our own private Mercurial repository. We’re publishing it using hgweb and apache, and since we want it encrypted, we use a self-signed certificate. This has been working fine until recently, when I upgraded Mercurial from 1.6.x to 1.8.1, because it turns out that in Mercurial 1.7.2, they started throwing a big fat error when you try to work against a repository with a self-signed certificate:
C:\Users\Johan\HgReps\MsmqRestService>hg in abort: error: _ssl.c:490: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICAT E:certificate verify failed
There is a long thread at selenic.com discussing why you can’t push/pull to a https server with a self-signed certificate. But to save you (and myself) from having to read it (again), I thought I’d jot down the steps to get it working again.
- Open your repository in a web browser. I used Firefox 4.
- Save the certificate. In Firefox by clicking the domain name, more information, view certificate, details tab, export certificate. I’m sure you can figure out how to do it in another web browser as well. Be sure to select X.509 Certificate (PEM), when exporting.
- Edit the
cacert.pemfile for TortoiseHg (if that’s the way you installed mercurial).
On my machine, the full path is
- Copy the contents from your exported certificate file, and paste them to the bottom of cacert.pem