[HTCondor-users] How does AUTH_SSL_AUTOGENERATE_*FILE work for clients?

[KÃhn, Max (SCC) <max.fischer@xxxxxxx>]

Hi all,

I was just about to rig our Collector to use grid host certificates when I realised it auto-generated a set of cert/key files already. This seems to be driven by the undocumented (?) config settings

	AUTH_SSL_AUTOGENERATE_CERTFILE
	AUTH_SSL_AUTOGENERATE_KEYFILE

And indeed the files are there and SSL key/cert.

However, when a client tries to connect (this is for client-without-certf) that key/cert is useless because it is self-signed. [0]

What knobs do I need to turn so that clients can â safely â connect to such autogenerated SSL credentials?

Cheers,
Max

[0]
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: Trying to connect.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: SSL: trying to continue reading.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: Trying to connect.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: SSL: trying to continue reading.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: Trying to connect.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) -Error with certificate at depth: 1
12/18/25 08:46:07 (pid:157093) (D_SECURITY)   issuer   = /O=condor/CN=<redacted>
12/18/25 08:46:07 (pid:157093) (D_SECURITY)   subject  = /O=condor/CN=<redacted>
12/18/25 08:46:07 (pid:157093) (D_SECURITY)   err 19:self-signed certificate in certificate chain
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL: library failure: error:0A000086:SSL routines::certificate verify failed
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: SSL Authentication failed
12/18/25 08:46:07 (pid:157093) (D_SECURITY) AUTHENTICATE: method 256 (SSL) failed.

Attachment: smime.p7s
Description: S/MIME cryptographic signature