The following is a step by step installation of Subversion over Apache and SSL authenticating through an Active Directory server or local server accounts. BTW, I'm by no means an Apache guru so please leave a comment if I'm missing anything. And thanks to a bunch of people who I cant remember who posted info on the web that helped in compiling these steps! :)

  1. Install the latest CollabNet Win32 distribution found here.
    1. Make sure that only the Apache (MOD_DAV_SVN) component is checked.
    2. Set the Apache configuration. You can set an arbitrary http port for now; it will change when SSL is setup.  Also remember to check the "Install Apache ... as a Windows Service" checkbox. The other two options should be set accordingly.
  2. Create a test repository
    1. Open a command prompt and run the following command from the CollabNet installation folder (C:\Program Files\CollabNet Subversion Server\) to create a test repository:
      svnadmin create d:\temp\Repos\mysweetapp
  3. Test Connectivity
    1. Start the Apache service; it should be called Apache2.
    2. Browse to the test repository at http://localhost:1984/mysweetapp with a Subversion client and create a folder to verify that everything is setup correctly.
  4. Install and Configure the SSPI module
    1. Download the SSPI module from here. You will want to match the major and minor Apache build with the version number trailing the SSPI module version number. For example would be for Apache 2.0.x and would be for Apache 2.2.x (Thanks to Dan Switzer for pointing this out, I totally missed that!). After unzipping the contents if the zip, copy the (In the bin folder) into the Apache modules folder (C:\Program Files\CollabNet Subversion Server\httpd\modules).
    2. Open the httpd.conf file in the Apache configuration folder (C:\Program Files\CollabNet Subversion Server\httpd\conf)
    3. Add the following line to (Or uncomment it in) the Apache configuration file (httpd.conf) in the LoadModule section:
      LoadModule sspi_auth_module modules/
    4. Add the following settings, under "# Active Directory Auth", to the location section. Be sure to specify the SSPIDomain which can be an AD domain or the local server name. If it is the local server name the local user accounts will be used to authenticate. You can use this option if there is no AD server.
                DAV svn
                SVNParentPath D:/Temp/Repos
                # Active Directory Auth
                AuthName "SVN Server"
                AuthType SSPI
                SSPIAuth On
                SSPIAuthoritative On
                SSPIDomain localhost
                SSPIOfferBasic on
                Require valid-user
    5. Restart the Apache2 service after the httpd.conf file has been saved.
    6. Perform the test noted in step #3 to test connectivity, this time logging in with a user from the domain specified above.
    7. Note that in TortoiseSVN  you can check the "Save Authentication" checkbox to avoid having to repeatedly enter your credentials:
  5. Configure SSL
    1. Create the Certificate
      1. Create an OpenSSL configuration file under the Apache bin folder (C:\Program Files\CollabNet Subversion Server\httpd\bin) called openssl.conf and set its contents as follows:
             [ v3_ca ]
             subjectKeyIdentifier = hash
             authorityKeyIdentifier = keyid:always,issuer:always
             basicConstraints = CA:true
             [ req ]
             default_bits  = 1024
             default_keyfile  = svnserver.key
             distinguished_name = req_distinguished_name
             attributes  = req_attributes
             x509_extensions = v3_ca 
             string_mask  = nombstr
             [ req_distinguished_name ] 
             commonName  = Common Name
             commonName_default = My Server Name
             [ req_attributes ]
      2. Open up a command prompt in the Apache bin folder (C:\Program Files\CollabNet Subversion Server\httpd\bin).
      3. Run the following command to generate the private key and certificate request files. Be sure to enter the ip address or DNS name of the server when prompted for the common name. Also remember the pass phrase you entered as it will be required for the following step. This will create a svnserver.csr and svnserver.key file in the Apache bin folder.
              openssl req -config openssl.conf -new -out svnserver.csr
      4. Remove the passphrase from the private key with the following command. Enter the passphrase you specified in the last step.
             openssl rsa -in svnserver.key -out svnserver.key
      5. Create the self signed certificate with the following command. The following command sets the certificate expiration to 20 years.
             openssl x509 -in svnserver.csr -out svnserver.cert -req -signkey svnserver.key -days 7300
      6. Delete the svnserver.csr in the Apache bin folder.
      7. Copy the svnserver.key and svnserver.cert from the Apache bin folder to the Apache conf folder.
    2. Open the httpd.conf file in the Apache configuration folder (C:\Program Files\CollabNet Subversion Server\httpd\conf).
    3. Change the listen port to 443:
           Listen 443
    4. Change the server name to include the SSL port, 443:
           ServerName localhost:443
    5. Uncomment or add the load module directive for mod_ssl:
           LoadModule ssl_module modules/
    6. Create or overwrite the following IfModule section so that it appears as follows:
                  SSLEngine on
                  SSLRandomSeed startup   builtin
                  SSLRandomSeed connect   builtin
                  SSLPassPhraseDialog     builtin
                  SSLSessionCache         dbm:logs/ssl_scache
                  SSLSessionCacheTimeout  300
                  SSLMutex                default
                  SSLCertificateFile      conf\svnserver.cert
                  SSLCertificateKeyFile   conf\svnserver.key 
    7. Restart the Apache2 service.
    8. Browse to https://localhost/mysweetapp and create a folder to test the configuration.
    9. Note that in TortoiseSVN you can permanently accept the certificate when this dialog appears. It is warning you that the issuer is not a trusted root authority.