XRootD pre-4.9.0 clients
reject long-lived x509 certificates!
XRootD GSI clients prior to release
4.9.0 suffer from the UNIX Y2K problem.
This
means that certificates that expire past 2038 cannot be verified and will be
rejected; causing authentication to fail. This most frequently happens with CA
certificates that have a long lifetime.
There
are only two solutions to this problem:
·
Update
your clients to at least version 4.9.0, or
·
get
a certificate with an expiration date prior to 2038 until your clients have
migrated to a supported release.