Follow-up Comment #2, sr #124285 (project xrootd): Hi Gerri, I've seen this behavior previously myself, even when CRLs are present. Can you run a test and verify it "does as expected" on one of your development nodes? Note that with the new IGTF certificate format, two entries in /etc/grid-security/certificates are made for each CA, but At -crl:2 level, does it reject connections if the CRL isn't present? Brian _______________________________________________________ Reply to this item at: <http://savannah.cern.ch/support/?124285> _______________________________________________ Message sent via/by LCG Savannah http://savannah.cern.ch/