Tips for mounting ARCS WebDAV? resource in Linux

ARCS has some nice instructions for "mounting" a WebDAV resource in the Gnome Desktop Environment, but this isn't really mounting in the traditional sense. Although (unlike MS Windows) the vast majority of Gnome applications will happily open a file from a davfs:// URI, sometimes (especially if you're an avid user of the command line shell) it's preferable to work with WebDAV mounted as a real filesystem.

davfs2

davfs2 is an implementation of WebDAV as a filesystem that can be mounted with the unix mount command. You should be able to apt-get install davfs2 on Debian GNU/Linux (and its relatives).

You will first need to configure your secrets file, which can be stored globally in /etc or in your home directory at ~/.davfs2/secrets.

You will need a single line that looks something like:
/arcs    ARCS\ IdP\\joe.user   secr3t_passw0rd

Where /arcs is the mount point you will use to mount the ARCS WebDAV resource.

Then, you can mount it like this:
sudo mount -t davfs https://df.arcs.org.au/ARCS/home /mnt

To which you are prompted with:
Please enter the username to authenticate with server
https://df.arcs.org.au/ARCS/home or hit enter for none.
Username: ARCS IdP\joe.user
Please enter the password to authenticate user ARCS IdP\joe.user with server
https://df.arcs.org.au/ARCS/home or hit enter for none.
Password: 
/sbin/mount.davfs: the server certificate is not trusted
  issuer:      ipsCA CLASEA1 Certification Authority, general@ipsca.com C.I.F.  B-B62210695, IPS Certification Authority s.l., Barcelona, Barcelona, ES
  subject:     Systems, VPAC, Melbourne, Victoria, AU
  identity:    df.arcs.org.au
  fingerprint: b8:d0:78:f0:15:e5:34:01:2a:3e:75:2f:e0:9c:73:04:5c:b5:6f:d9
You only should accept this certificate, if you can
verify the fingerprint! The server might be faked
or there might be a man-in-the-middle-attack.
Accept certificate for this session? [y,N] y

Trusting the ARCS SSL certificate

What's this about the server certificate not being trusted? Somehow the SSL library used ( libneon) doesn't trust the root CA that signed ARCS' SSL certificate. So we need to add a trusted root cert. manually.

In your davfs2.conf, which might be in /etc/davfs2/davfs2.conf, you should add the following line:

servercert    df.arcs.org.au.pem

And copy the df.arcs.org.au.pem file (attached) to the certs directory, which might be at /etc/davfs2/certs.

Important:
Crafting this .pem file from scratch might be a little obscure for the uninitiated. You need to inspect the SSL certificate for https://df.arcs.org.au using something like this to obtain a PEM file, and then - importantly - remove the first section that contains the certificate for the ARCS server itself.

davfs2 doesn't want to trust the server certificate itself, but the certs of the CA who signed it.

Have fun...