Project

General

Profile

Feature #22417

Remove dependancy on OSG CA certs from Jobsub client

Added by Kevin Retzke 9 months ago. Updated 18 days ago.

Status:
Work in progress
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
04/19/2019
Due date:
% Done:

0%

Estimated time:
Stakeholders:
Duration:

Description

Now that all Jobsub servers have CA certs that have a chain of trust down to a CA included the standard OS and browser bundles, I propose changing the client to use the OS default CA bundle by default. This is one less dependency for users to have to install to use the client, and one less thing to go wrong.

Note that the only thing that seems to be keeping this from working right now when setting X509_CERT_DIR=/etc/pki/tls/certs (on an SL6 system) is cigetcert, since the jobsub servers on :443 don't present the CA chain, while they do on :8443.

History

#1 Updated by Kevin Retzke 9 months ago

sorry, typo:
Now that all Jobsub servers have CA certs that have a chain of trust down to a CA included in the standard OS and browser bundles

#2 Updated by Dennis Box 9 months ago

  • Target version set to v1.3.1

#3 Updated by Dennis Box 18 days ago

  • Assignee set to Dennis Box

#4 Updated by Dennis Box 18 days ago

  • Assignee deleted (Dennis Box)
  • Status changed from New to Work in progress

see RITM0919428, add line
SSLCACertificatePath /etc/grid-security/certificates to ssl.conf

#5 Updated by Dennis Box 18 days ago

  • Assignee set to Dennis Box


Also available in: Atom PDF