> Hi Cedric,
>
> This is an issue with the root CA which is causing cert validation to fail. If you search for "unknown ca:s3_pkt.c:1493" you will find many issues similar, if not identical, to this along with possible solutions. The particular solution is dependent on how the certs were issued.
>
> Andy
>
> On Mon, 12 Sep 2022, ccaffy wrote:
>
> Hi @abh3,
>
> Many thanks for your answer. I removed that `xrd.port tls 1095` directive. It indeed did not work. Now I still have the problem of the server having a TLS error when I use `roots`:
>
> ```
> 220912 09:48:46 7273 ***@***.*** TLS_Accept: Accepting a TLS connection...
> 220912 09:48:46 7273 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0.
> 220912 09:48:46 7273 XrdTLS: ***@***.*** 140102374799104:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48
> 220912 09:48:46 7273 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl
> 220912 09:48:46 7273 XrootdXeq: Unable to enable TLS for ***@***.***
> 220912 09:48:46 7286 ***@***.*** TLS_Accept: Accepting a TLS connection...
> 220912 09:48:46 7273 XrootdXeq: ***@***.*** disc 0:00:00
> 220912 09:48:46 7286 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0.
> 220912 09:48:46 7286 XrdTLS: ***@***.*** 140102338623232:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48
> 220912 09:48:46 7286 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl
> 220912 09:48:46 7286 XrootdXeq: Unable to enable TLS for ***@***.***
> 220912 09:48:46 7286 XrootdXeq: ***@***.*** disc 0:00:00
> ```
>
> Again, no problem with HTTP with the following curl command:
>
> ```
> curl -v -X GET https://localhost:1096/tmp/testFile 2>&1 >/dev/null
> ```
>
> Thanks again!
>
> --
> Reply to this email directly or view it on GitHub: [#1778 (comment)](https://github.com/xrootd/xrootd/pull/1778#issuecomment-1243350277)
> You are receiving this because you were mentioned.
> Message ID: ***@***.***>

Thanks, I found what was the problem some weeks ago... The issue was that I did not use the `c_rehash` tool on the CA directory...

-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1778#issuecomment-1274245934
You are receiving this because you are subscribed to this thread.
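
The fix reported above, reproduced as an added example that is not part of the original thread: OpenSSL looks up a CA in a directory by a file named after the certificate's subject-name hash (`<hash>.0`), so a directory of plain PEM files fails verification until those links are created. The test CA, leaf certificate and paths are constructed throwaway values, and `openssl rehash` (built into OpenSSL 1.1.0 and later) is tried first with `c_rehash` as the fallback.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): CApath lookups need <subject-hash>.0 links.
# All keys, names and paths below are constructed throwaway test values.

# Create a test CA inside $1/certificates and a leaf certificate signed by it.
make_test_pki() {
    local dir=$1
    mkdir -p "$dir/certificates" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/certificates/test-ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 1 -set_serial 1 \
        -CA "$dir/certificates/test-ca.pem" -CAkey "$dir/ca.key" \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Verify the leaf using the CA directory only (no -CAfile is given).
verify_with_capath() {
    openssl verify -CApath "$1/certificates" "$1/leaf.pem" >/dev/null 2>&1
}

# Create the hash links. `openssl rehash` is built into OpenSSL 1.1.0 and later;
# c_rehash is the older script named in the thread and does the same job.
rehash_ca_dir() {
    openssl rehash "$1/certificates" >/dev/null 2>&1 ||
        c_rehash "$1/certificates" >/dev/null 2>&1
}

# Run the check before and after rehashing and report both results.
demo() {
    local dir before after hash link
    dir=$(mktemp -d) || return 1
    make_test_pki "$dir" || { rm -rf "$dir"; return 1; }
    verify_with_capath "$dir" && before=ok || before=fail
    rehash_ca_dir "$dir" || { rm -rf "$dir"; return 1; }
    verify_with_capath "$dir" && after=ok || after=fail
    # The link name is the CA's subject-name hash plus a ".0" suffix.
    hash=$(openssl x509 -noout -subject_hash -in "$dir/certificates/test-ca.pem")
    [ -e "$dir/certificates/$hash.0" ] && link=present || link=missing
    rm -rf "$dir"
    echo "before=$before after=$after link=$link"
}

demo
```

The links have to be regenerated whenever a CA certificate is added to or removed from the directory.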
