XRootD pre-4.9.0 clients reject long-lived x509 certificates!

 

XRootD GSI clients prior to release 4.9.0 suffer from the UNIX Y2K problem.

 

This means that certificates that expire past 2038 cannot be verified and will be rejected; causing authentication to fail. This most frequently happens with CA certificates that have a long lifetime.

 

There are only two solutions to this problem:

 

·      Update your clients to at least version 4.9.0, or

·      get a certificate with an expiration date prior to 2038 until your clients have migrated to a supported release.