When adding support for a VOMS server, I needed to add a new CA into the trust store and a corresponding .lsc file. At this time I added only the SHA1-hash symbolic links for the PEM-encoded certificate, the .namespaces and the .signing_policy files in the trust store (/etc/grid-security/certificates). This failed to work.
After some investigation, I discovered that after adding the MD5-hash symbolic links the validation started to work. Removing the SHA1 symbolic links did not stop the validation from succeeding.
It appears that VOMS validation, at least when using .lsc files, requires MD5-hash symbolic links.
The following is an example of the VOMS validation errors produced when the MD5 symbolic links (for the CA that issued the VOMS certificate) were missing:
05 Feb 2016 17:31:17 (gPlazma) [qhc:1:srm2:ls SRM-prometheus Login AUTH voms]
Validation failure QtX9: [[canlError]:CAnL certificate validation error: No trusted CA
certificate was found for the certificate chain, [canlError]:CAnL certificate validation
error: Trusted issuer of this certificate was not established, [invalidAcCert]:LSC
validation failed: AA certificate chain embedded in the VOMS AC failed certificate
validation!, [aaCertNotFound]:AC signature verification failure: no valid VOMS server
credential found.]
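A trust-store audit for the situation reported above, as an added example that is not part of the original report or of any project's own code. It assumes CA certificates are stored as `*.pem` files in the directory, and that the report's "SHA1-hash" and "MD5-hash" links correspond to OpenSSL's `-subject_hash` and `-subject_hash_old` values; `audit_trust_store` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: report CA certificates in a grid trust store that lack
# either the SHA-1-based or the MD5-based hash-named links.
# Assumption: CA certificates are stored as *.pem files in the directory.
# Simplification: only the ".0" certificate link is checked, not ".1", ".2"
# links that exist when two subjects collide on the same hash.

# audit_trust_store [DIR]
# Prints one "MISSING ..." line per absent (or dangling) link.
# Returns 0 when every link is present, 1 otherwise.
audit_trust_store() {
    dir=${1:-/etc/grid-security/certificates}
    missing=0
    for pem in "$dir"/*.pem; do
        [ -f "$pem" ] || continue
        # Files that do not parse as X.509 certificates are skipped.
        new=$(openssl x509 -in "$pem" -noout -subject_hash 2>/dev/null) || continue
        old=$(openssl x509 -in "$pem" -noout -subject_hash_old 2>/dev/null) || continue
        for h in "$new:sha1" "$old:md5"; do
            hash=${h%%:*}
            kind=${h##*:}
            for ext in 0 namespaces signing_policy; do
                # -e follows symlinks, so a dangling link counts as missing.
                if [ ! -e "$dir/$hash.$ext" ]; then
                    echo "MISSING $kind $hash.$ext for $(basename "$pem")"
                    missing=1
                fi
            done
        done
    done
    return $missing
}
```

Running `audit_trust_store` with no argument checks `/etc/grid-security/certificates`; a non-zero return with `MISSING md5` lines matches the state in which the validation errors above were seen.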