First, create an RSA key:
$ openssl genrsa -out my.key
If you want a passphrase on the key, add the -des3 option to the command line. (If not, you need to make sure that the file can only be read by you.)
Next, create a Certificate Signing Request for this key:
$ openssl req -new -key my.key -out my.csr
Now, enter the following information:
Country Name | SE |
State or Province Name | (blank) |
Locality Name | (blank) |
Organization Name | Pike |
Organizational Unit Name | Pike Subversion Server |
Common Name | Your commit id (e.g. UNIX login) |
Email Address | Your email address |
Leave the 'extra' attributes blank. You now have a Certificate Signing Request my.csr, which can be sent to the Pike CA for signing.
Once you get a certificate my.crt back from the Pike CA, you need to combine it with your RSA key to create a PKCS#12 client certificate:
$ openssl pkcs12 -export -clcerts -in my.crt -inkey my.key -out my.p12
Like with the RSA key file, you need to protect the p12 file unless you set a password on it.
Now that you have your certificate in the right format, edit your ~/.subversion/servers file to contain the following:
[groups]
pikeSvn = pike-svn.lysator.liu.se
[pikeSvn]
ssl-client-cert-file = /path/to/my.p12
And presto, you're ready to start using https://pike-svn.lysator.liu.se/.
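The steps above say that my.key and my.p12 must be readable only by you when they carry no passphrase. The following script is an added example, not part of the original instructions: it checks those files and tightens them to owner-only access. The function names (is_private, lock_down, audit, with_private_umask) and the script name lockdown.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example: keep unencrypted client-credential files (my.key, my.p12)
# readable by their owner only. All function names here are hypothetical.

# Return 0 if FILE grants no access at all to group or others.
is_private() {
    # ls -ld prints the mode as e.g. "-rw-------"; characters 5-10 are the
    # group and other permission bits. A missing file yields an empty string.
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Tighten FILE to owner read/write if needed and report what was done.
lock_down() {
    if [ ! -f "$1" ]; then
        echo "missing: $1"
        return 1
    fi
    if is_private "$1"; then
        echo "ok: $1"
    else
        chmod 600 -- "$1" && echo "fixed: $1 (was group/world accessible)"
    fi
}

# Run a command with umask 077 so any file it creates starts out private,
# e.g.: with_private_umask openssl genrsa -out my.key
with_private_umask() {
    ( umask 077; "$@" )
}

# Check every file named on the command line; non-zero if any is missing.
audit() {
    rc=0
    for f in "$@"; do
        lock_down "$f" || rc=1
    done
    return "$rc"
}

# Usage: sh lockdown.sh my.key my.p12
audit "$@"
```

Running the openssl commands through with_private_umask avoids the window in which a freshly written key is readable by others before you change its mode.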