On Dec 18, 2025, at 1:55âAM, KÃhn, Max (SCC) <max.fischer@xxxxxxx> wrote:
Hi all,
I was just about to rig our Collector to use grid host certificates when I realised it auto-generated a set of cert/key files already. This seems to be driven by the undocumented (?) config settings
AUTH_SSL_AUTOGENERATE_CERTFILE
AUTH_SSL_AUTOGENERATE_KEYFILE
And indeed the files are there and SSL key/cert.
However, when a client tries to connect (this is for client-without-certf) that key/cert is useless because it is self-signed. [0]
What knobs do I need to turn so that clients can â safely â connect to such autogenerated SSL credentials?
Cheers,
Max
[0]
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: Trying to connect.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: SSL: trying to continue reading.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: Trying to connect.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: SSL: trying to continue reading.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: Trying to connect.
12/18/25 08:46:07 (pid:157093) (D_SECURITY) -Error with certificate at depth: 1
12/18/25 08:46:07 (pid:157093) (D_SECURITY) issuer = /O=condor/CN=<redacted>
12/18/25 08:46:07 (pid:157093) (D_SECURITY) subject = /O=condor/CN=<redacted>
12/18/25 08:46:07 (pid:157093) (D_SECURITY) err 19:self-signed certificate in certificate chain
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL: library failure: error:0A000086:SSL routines::certificate verify failed
12/18/25 08:46:07 (pid:157093) (D_SECURITY) SSL Auth: SSL Authentication failed
12/18/25 08:46:07 (pid:157093) (D_SECURITY) AUTHENTICATE: method 256 (SSL) failed._______________________________________________
HTCondor-users mailing list
To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
subject: Unsubscribe
The archives can be found at: https://www-auth.cs.wisc.edu/lists/htcondor-users/
![[Computer Systems Lab]](http://www.cs.wisc.edu/pics/csl_logo.gif){kind=logo}