Project

General

Profile

Feature #22417

Remove dependancy on OSG CA certs from Jobsub client

Added by Kevin Retzke 7 months ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
04/19/2019
Due date:
% Done:

0%

Estimated time:
Stakeholders:
Duration:

Description

Now that all Jobsub servers have CA certs that have a chain of trust down to a CA included the standard OS and browser bundles, I propose changing the client to use the OS default CA bundle by default. This is one less dependency for users to have to install to use the client, and one less thing to go wrong.

Note that the only thing that seems to be keeping this from working right now when setting X509_CERT_DIR=/etc/pki/tls/certs (on an SL6 system) is cigetcert, since the jobsub servers on :443 don't present the CA chain, while they do on :8443.

History

#1 Updated by Kevin Retzke 7 months ago

sorry, typo:
Now that all Jobsub servers have CA certs that have a chain of trust down to a CA included in the standard OS and browser bundles

#2 Updated by Dennis Box 6 months ago

  • Target version set to v1.3.1


Also available in: Atom PDF