The proxies created by xrdgsiproxy
use a SHA1 signature. As a result, they don't work in alma9, which refuses SHA1 signature by default: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#doc-wrapper
$ xrdgsiproxy init -cert /tmp/cert.pem -key /tmp/key.pem
: problems creating proxy
But it works after allowing SHA1:
$ sudo update-crypto-policies --set DEFAULT:SHA1
Setting system policy to DEFAULT:SHA1
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
$ xrdgsiproxy init -cert /tmp/cert.pem -key /tmp/key.pem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
file : /tmp/x509up_u0
type : Proxy (RFC)
issuer : /CN=Rucio User
subject : /CN=Rucio User/CN=1547110546
path length : 0
bits : 2048
time left : 12h:0m:0s
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1