Feature #22417

Remove dependency on OSG CA certs from Jobsub client

Added by Kevin Retzke about 1 year ago. Updated 9 days ago.

Status: Work in progress
Priority: Normal
Assignee:
Category: -
Target version:
Start date: 04/19/2019
Due date:
% Done: 0%
Estimated time:
Stakeholders:
Duration:

Description

Now that all Jobsub servers have CA certs that have a chain of trust down to a CA included the standard OS and browser bundles, I propose changing the client to use the OS default CA bundle by default. This is one less dependency for users to have to install to use the client, and one less thing to go wrong.

Note that the only thing that seems to be keeping this from working right now when setting X509_CERT_DIR=/etc/pki/tls/certs (on an SL6 system) is cigetcert, since the jobsub servers on :443 don't present the CA chain, while they do on :8443.
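
The chain problem described above, reproduced offline as an added example (not part of the original ticket or the Jobsub code): a client that trusts only the root CA rejects a server certificate sent without its intermediate, and accepts it once the intermediate is presented. All subjects, file names and function names are constructed for the demo, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: every certificate here is a throwaway, constructed for the demo.
set -eu
# Build root CA -> intermediate CA -> server leaf in directory $1.
make_chain() {
  cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  # Root: stands in for a CA shipped in the OS default bundle.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/demo.cnf" \
    -extensions ca -subj "/CN=Demo Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  # Intermediate: signed by the root, absent from the client's trust store.
  openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
    -subj "/CN=Demo Intermediate CA" -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -set_serial 2 -days 2 -extfile "$1/demo.cnf" -extensions ca \
    -out "$1/int.pem" 2>/dev/null
  # Leaf: the server certificate, signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
    -subj "/CN=server.example" -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -set_serial 3 -days 2 -extfile "$1/demo.cnf" -extensions leaf \
    -out "$1/leaf.pem" 2>/dev/null
}

# Verify what the server presented ($2) as a client that trusts only the root.
# leaf-only: server sends just its own cert; full-chain: it also sends the intermediate.
verify_as_client() {
  case "$2" in
    leaf-only)  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" ;;
    full-chain) openssl verify -CAfile "$1/root.pem" \
                  -untrusted "$1/int.pem" "$1/leaf.pem" ;;
  esac >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_chain "$demo_dir"
for mode in leaf-only full-chain; do
  verify_as_client "$demo_dir" "$mode" && echo "$mode: verified" || echo "$mode: verification failed"
done
rm -rf "$demo_dir"
```
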

History

#1 Updated by Kevin Retzke about 1 year ago

sorry, typo:
Now that all Jobsub servers have CA certs that have a chain of trust down to a CA included in the standard OS and browser bundles

#2 Updated by Dennis Box about 1 year ago

  • Target version set to v1.3.1

#3 Updated by Dennis Box 5 months ago

  • Assignee set to Dennis Box

#4 Updated by Dennis Box 5 months ago

  • Assignee deleted (Dennis Box)
  • Status changed from New to Work in progress

see RITM0919428, add line
SSLCACertificatePath /etc/grid-security/certificates to ssl.conf

#5 Updated by Dennis Box 5 months ago

  • Assignee set to Dennis Box

#6 Updated by Dennis Box about 2 months ago

  • Target version changed from v1.3.1 to v1.3.2

#7 Updated by Dennis Box 9 days ago

  • Target version changed from v1.3.2 to v1.3.3

Moved to 1.3.3; the SL6 certs bundle doesn't like the RCDS servers. Added the OSG CA Certs directory back until either SL6 is desupported or the certs on the RCDS servers are updated.


