Hi Cedric, Yjis is an issue with the root CA which is causing cert validati9on to fail. If you seach for "unknown ca:s3_pkt.c:1493" you will many issues similar, if not identical, to this along with possible solutions. The particular solution is dependint on how the certs were issued. Andy
…
On Mon, 12 Sep 2022, ccaffy wrote: Hi @abh3 , Many thanks for your answer. I removed thatxrd.port tls 1095
directive. It indeed did not work. Now I still have the problem of the server having a TLS error when I useroots
:220912 09:48:46 7273 ***@***.*** TLS_Accept: Accepting a TLS connection... 220912 09:48:46 7273 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0. 220912 09:48:46 7273 XrdTLS: ***@***.*** 140102374799104:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48 220912 09:48:46 7273 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl 220912 09:48:46 7273 XrootdXeq: Unable to enable TLS for ***@***.*** 220912 09:48:46 7286 ***@***.*** TLS_Accept: Accepting a TLS connection... 220912 09:48:46 7273 XrootdXeq: ***@***.*** disc 0:00:00 220912 09:48:46 7286 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0. 220912 09:48:46 7286 XrdTLS: ***@***.*** 140102338623232:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48 220912 09:48:46 7286 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl 220912 09:48:46 7286 XrootdXeq: Unable to enable TLS for ***@***.*** 220912 09:48:46 7286 XrootdXeq: ***@***.*** disc 0:00:00
Again, no problem with HTTP with the following curl command:curl -v -X GET https://localhost:1096/tmp/testFile 2>&1 >/dev/null
Thanks again! -- Reply to this email directly or view it on GitHub: #1778 (comment) You are receiving this because you were mentioned. Message ID: @.***>
Thanks, I found what was the problem some weeks ago... The issue was that I did not use the c_rehash
tool on the CA directory...
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1