The proxies created by `xrdgsiproxy` use a SHA1 signature. As a result, they don't work in alma9, which refuses SHA1 signature by default: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#doc-wrapper ``` $ xrdgsiproxy init -cert /tmp/cert.pem -key /tmp/key.pem : problems creating proxy ``` But it works after allowing SHA1: ``` $ sudo update-crypto-policies --set DEFAULT:SHA1 Setting system policy to DEFAULT:SHA1 Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. $ xrdgsiproxy init -cert /tmp/cert.pem -key /tmp/key.pem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ file : /tmp/x509up_u0 type : Proxy (RFC) issuer : /CN=Rucio User subject : /CN=Rucio User/CN=1547110546 path length : 0 bits : 2048 time left : 12h:0m:0s ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ``` -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1992 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1