LISTSERV 16.5 - XROOTD-DEV Archives

Hopefully this has not been fixed in a newer release - I saw no mention in the changelogs...

We (CMS T2 UW-Madison) are running xrootd 4.8.0-2.osg33.el7 and have installed osg-ca-certs.noarch 1.73-1.osg33.el7 .

While experimenting with letsencrypt certs, xrootd displays the following message:
secgsi_GetSrvCertEnt: failed to load certificate for the issuing CA '4f06f81d.0|4a0a35c0.0'

There are files with is name pointing to xrootd certs:
ls -al /etc/grid-security/certificates/4f06f81d.0
lrwxrwxrwx. 1 root root 26 May 23 16:22 /etc/grid-security/certificates/4f06f81d.0 -> letsencryptauthorityx3.pem
ls -al /etc/grid-security/certificates/4a0a35c0.0
lrwxrwxrwx. 1 root root 26 May 23 16:22 /etc/grid-security/certificates/4a0a35c0.0 -> letsencryptauthorityx3.pem

Xrootd transfers fail mentioning "AUTH". (sorry, don't have exact message)

Switching back to OSG issued certs (or InCommon) allow xrootd to function normally.

Thanks!

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

{"@context":"http://schema.org","@type":"EmailMessage","potentialAction":{"@type":"ViewAction","target":"https://github.com/xrootd/xrootd/issues/716","url":"https://github.com/xrootd/xrootd/issues/716","name":"View Issue"},"description":"View this Issue on GitHub","publisher":{"@type":"Organization","name":"GitHub","url":"https://github.com"}} {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"xrootd 4.80 cannot use letsencrypt as CA (#716)"}],"action":{"name":"View Issue","url":"https://github.com/xrootd/xrootd/issues/716"}}} { "@type": "MessageCard", "@context": "http://schema.org/extensions", "hideOriginalBody": "false", "originator": "37567f93-e2a7-4e2a-ad37-a9160fc62647", "title": "xrootd 4.80 cannot use letsencrypt as CA (#716)", "sections": [ { "text": "", "activityTitle": "**lickdragon**", "activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png", "activitySubtitle": "@lickdragon", "facts": [ { "name": "Repository: ", "value": "xrootd/xrootd" }, { "name": "Issue #: ", "value": 716 } ] } ], "potentialAction": [ { "name": "Add a comment", "@type": "ActionCard", "inputs": [ { "isMultiLine": true, "@type": "TextInput", "id": "IssueComment", "isRequired": false } ], "actions": [ { "name": "Comment", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 716,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}" } ] }, { "name": "Close issue", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"IssueClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 716\n}" }, { "targets": [ { "os": "default", "uri": "https://github.com/xrootd/xrootd/issues/716" } ], "@type": "OpenUri", "name": "View on GitHub" }, { "name": "Unsubscribe", "@type": "HttpPOST", "target": "https://api.github.com", "body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 338858599\n}" } ], "themeColor": "26292E" }

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1