Hi all,

As several (many?) of you know, the OSG is in the process of shutting down its IGTF-accredited CA.  Among the various impacts of this is the fact that several sites are switching to IGTF-accredited CAs that charge per-certificate fees (commercial rates tend to be in the neighborhood of $200 per certificate).

Needless to say, this is causing quite a few folks to re-evaluate how many certificates their site needs.  A few have stated that the driver in terms of number of certificates is actually XRootD and the fact it doesn't support subjectAltName (SAN).

For example, I can issue a single host certificate for all 12 of my GridFTP servers provided that all twelve are listed in the certificate's SAN - a potential savings of $2,200 / year if it wasn't for the fact that I need 12 distinct certificates for the XRootD services.

Looking at the code in XrdSecProtocolgsi::ServerCertNameOK and its callees, it doesn't appear like it would be overly difficult to add support for this.

Would anyone be able to work on the topic?  It would be much appreciated...

Brian