>It looks to me that Xavier's case and the case I encountered are different. If you say, that your host certificate for uct2-xrootd.mwt2.org actually does _not_ have "fax.mwt2.org" as an alternative name in it, then yes, our situations are different - in your case, the error is justified, in my opinion. It could be, that client tools do a name resolution of the alias and a subsequent reverse lookup of the IP to verify whether _that_ name is mentioned as the subject name in the certificate, possibly? That's the only way how an DNS alias could still work with these grid security regulations. -- You are receiving this because you commented. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/841#issuecomment-430531797 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1