Hi Cedric, Yjis is an issue with the root CA which is causing cert validati9on to fail. If you seach for "unknown ca:s3_pkt.c:1493" you will many issues similar, if not identical, to this along with possible solutions. The particular solution is dependint on how the certs were issued. Andy

On Mon, 12 Sep 2022, ccaffy wrote: Hi @abh3 , Many thanks for your answer. I removed that xrd.port tls 1095 directive. It indeed did not work. Now I still have the problem of the server having a TLS error when I use roots: 220912 09:48:46 7273 ***@***.*** TLS_Accept: Accepting a TLS connection... 220912 09:48:46 7273 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0. 220912 09:48:46 7273 XrdTLS: ***@***.*** 140102374799104:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48 220912 09:48:46 7273 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl 220912 09:48:46 7273 XrootdXeq: Unable to enable TLS for ***@***.*** 220912 09:48:46 7286 ***@***.*** TLS_Accept: Accepting a TLS connection... 220912 09:48:46 7273 XrootdXeq: ***@***.*** disc 0:00:00 220912 09:48:46 7286 XrdTLS: ***@***.*** TLS error rc=0 ec=1 (error_ssl) errno=0. 220912 09:48:46 7286 XrdTLS: ***@***.*** 140102338623232:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:s3_pkt.c:1493:SSL alert number 48 220912 09:48:46 7286 XrdLinkXeq: TLS connection from ***@***.*** failed; error_ssl 220912 09:48:46 7286 XrootdXeq: Unable to enable TLS for ***@***.*** 220912 09:48:46 7286 XrootdXeq: ***@***.*** disc 0:00:00 Again, no problem with HTTP with the following curl command: curl -v -X GET https://localhost:1096/tmp/testFile 2>&1 >/dev/null Thanks again! -- Reply to this email directly or view it on GitHub: #1778 (comment) You are receiving this because you were mentioned. Message ID: @.***>

Thanks, I found what was the problem some weeks ago... The issue was that I did not use the c_rehash tool on the CA directory...


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <xrootd/xrootd/pull/1778/c1274245934@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/pull/1778#issuecomment-1274245934", "url": "https://github.com/xrootd/xrootd/pull/1778#issuecomment-1274245934", "name": "View Pull Request" }, "description": "View this Pull Request on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1