Dear All,
I found out earlier today that our CA root certificate and host
certificates are incompatible with openssl 0.9.7 onwards. This is the
problem we observed in the 64 bit build of globus on HPCX which requires
this newer version of openssl.
The problem lies in the withdrawal of support for the nonstandard
/Email=blah/ flag in the DN, removed due to incompatibilities with LDAP.
The only valid DN email string is now /emailAddress=blah/.
This is not a bug in openssl nor globus. It's an issue with our CA.
Here's a reference to a recent discussion in the openssl archives:
[log in to unmask]" target="_blank">http:[log in to unmask]
I can see only two possible solutions:
1, get /Email back into the standard and openssl code
2, Make a new CA root certificate and re-issue all UK eScience
certificates.
Please someone tell me I'm wrong!
Mike
--
http://www.sve.man.ac.uk/General/Staff/jonesM/
|