Project

General

Profile

Task #5137

Fix DataONE CA chain file location in cn-buildout

Added by Chris Jones about 8 years ago.

Status:
New
Priority:
Normal
Assignee:
Category:
d1_cn_buildout
Target version:
Start date:
2014-04-25
Due date:
% Done:

0%

Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

We had been using /var/local/dataone as the location for trusted CA certificates on the CN, but in 2012 we changed to using a single chain file rather than a directory. I made this change in the cn-ssl config, but (inadvertantly?) used /etc/ssl/certs for tha DataONECAChain.crt file location.

When this file isn't hashed during c_rehash, there is no duplicate hashes created for the DataONERootCA certificate, but when it is, using /etc/ssl/certs in curl operations fail.

The easiest fix is to move the DataONECAChain.crt file back to /var/local/dataone in cn-ssl, so there isn't the potential for a conflict.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)