[Ru_ngi] RDIG CRL problem

Viktor Kotliar Viktor.Kotliar at ihep.ru
Thu May 16 11:40:28 MSK 2024 

Всем привет!
Нам тут выставили тикет [1]

При работе с нашим SE некоторые получают "No CRLs found for issuer 
"cn=Russian Data-Intensive Grid CA,o=RDIG,c=RU", это проблема не нашего 
сайта, я верно понимаю? Вопрос только это проблема их клиента или RDIG 
CA. Никто больше не словил такого?

Вот лог с ошибкой [2]  Либо кусочек из лога [3]

С уважением
Виктор Котляр


[1]
```
https://ggus.eu/index.php?mode=ticket_info&ticket_id=166785
```

[2]
```
https://fts-atlas-008.cern.ch:8449/var/log/fts3/transfers/2024-05-14/se0002.m45.ihep.su__clrlcgse01.in2p3.fr/2024-05-14-2359__se0002.m45.ihep.su__clrlcgse01.in2p3.fr__6500003593__f57be15c-124d-11ef-9b33-fa163ea7ee69
```

[3]
```
NFO    Wed, 15 May 2024 01:59:19 +0200; Davix: Hop: 
https://clrlcgse01.in2p3.fr:443/dpm/in2p3.fr/home/atlas/atlasdatadisk/rucio/data17_13TeV/a2/e2/DAOD_PHYS.37020486._001025.pool.root.1
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix:
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > COPY 
/dpm/in2p3.fr/home/atlas/atlasdatadisk/rucio/data17_13TeV/a2/e2/DAOD_PHYS.37020486._001025.pool.root.1 
HTTP/1.1
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > Host: clrlcgse01.in2p3.fr
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > Accept: */*
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > Source: 
https://se0002.m45.ihep.su:2880/atlas/atlasdatadisk/rucio/data17_13TeV/a2/e2/DAOD_PHYS.37020486._001025.pool.root.1?<redacted>
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > X-Number-Of-Streams: 1
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > Secure-Redirection: 1
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > ClientInfo: 
job-id=f57be15c-124d-11ef-9b33-fa163ea7ee69;file-id=6500003593;retry=0
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > TransferMetadata: 
eyJrZXkiOiAibXkgbWV0YWRhdGEifQ==
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > 
TransferHeaderAuthorization: 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > Credential: none
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > Authorization: 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > 
RequireChecksumVerification: false
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > TransferMetadata: 
eyJjb2xsb2NhdGlvbl9oaW50cyI6IHt9fQ==
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > SciTag: 145
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: > User-Agent: 
libdavix/0.8.6.1.eddf9a5 libcurl/7.76.1
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix:
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: < HTTP/1.1 202 Accepted
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: < Date: Tue, 14 May 2024 
23:59:19 GMT
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: < Server: dCache/8.2.40
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: < Content-Type: 
text/perf-marker-stream
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: < Transfer-Encoding: chunked
INFO    Wed, 15 May 2024 01:59:19 +0200; Davix: PerformanceMarker:
failure: The peer's certificate with subject's DN 
CN=se0002.m45.ihep.su,OU=ihep.su,OU=hosts,O=RDIG,C=RU was rejected. The 
peer's certificate status is: FAILED The following validation errors 
were found:;error at position 0 in chain, problematic certificate 
subject: CN=se0002.m45.ihep.su,OU=ihep.su,OU=hosts,O=RDIG,C=RU 
(category: CRL): No valid CRL was found for the CA which issued the 
chain Cause: No CRLs found for issuer "cn=Russian Data-Intensive Grid 
CA,o=RDIG,c=RU"

INFO    Wed, 15 May 2024 01:59:19 +0200; Gfal2: Copy failed with mode 
3rd pull: Transfer failure: The peer's certificate with subject's DN 
CN=se0002.m45.ihep.su,OU=ihep.su,OU=hosts,O=RDIG,C=RU was rejected. The 
peer's certificate status is: FAILED The following validation errors 
were found:;error at position 0 in chain, problematic certificate 
subject: CN=se0002.m45.ihep.su,OU=ihep.su,OU=hosts,O=RDIG,C=RU 
(category: CRL): No valid CRL was found for the CA which issued the 
chain Cause: No CRLs found for issuer "cn=Russian Data-Intensive Grid 
CA,o=RDIG,c=RU"
```

More information about the Ru_ngi mailing list