Ok, I tried it on the lastest version out of github.
I used your certificate file and your .dodsrc file.
It seems to work fine for me.
So I did this command (using 4.3.2).
The '-h' was just to limit the amount of output.
ncdump -h
'http://carbon.dkrz.de/thredds/dodsC/cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22\
E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc'
It produced the output below, as expected.
So not sure why it fails for you. My guess
is that there is some kind of firewall/proxy
at your site that is interfering.
Also, check that your libcurl supports https.
=Dennis Heimbigner
netcdf tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_1950010\
1-19501231 {
dimensions:
time = UNLIMITED ; // (365 currently)
bnds = 2 ;
maxStrlen64 = 64 ;
rlat = 412 ;
rlon = 424 ;
variables:
char rotated_pole(maxStrlen64) ;
rotated_pole:grid_mapping_name = "rotated_latitude_longitude" ;
rotated_pole:grid_north_pole_latitude = 39.25f ;
rotated_pole:grid_north_pole_longitude = -162.f ;
.....
}
plieger wrote:
Hi Dennis,
Thanks! But it does not work:
ncdump -h
"http://carbon.dkrz.de/thredds/dodsC/cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc#noprefetch&show=fetch&log"
syntax error, unexpected WORD_STRING, expecting WORD_WORD
context: Error { code = 404; message =
"cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc#noprefetch&show=fetch&log"^;};
ncdump:
http://carbon.dkrz.de/thredds/dodsC/cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc#noprefetch&show=fetch&log:
NetCDF: Malformed or inaccessible DAP DDS
I created a tarball with a valid .dodsrc, credential valid for 10 hours,
and a text file with an opendap link. This should work if you cd in the
dir netcdf_x509test and do:
ncdump -h
http://carbon.dkrz.de/thredds/dodsC/cordex/output/EUR-11/KNMI/ICHEC-EC-EARTH/historical/r1i1p1/KNMI-RACMO22E/v1/day/tas/v20140313/tas_EUR-11_ICHEC-EC-EARTH_historical_r1i1p1_KNMI-RACMO22E_v1_day_19500101-19501231.nc
If the creds.pem expires I can send you a new one. I will see if I can
make one with a longer validity period. You can see the expiry date with
openssl x509 -in creds.pem -noout -text
Thanks,
Maarten
On 07/15/2014 06:53 PM, Dennis Heimbigner wrote:
Unfortunately, I do not have an acct with ESG,
so it is going to be difficult to debug this.
Let me start by asking you to do the following:
1. append the string '#noprefetch&show=fetch&log'
to your url
2. send me the output of, say, ncdump using the modified url
=Dennis Heimbigner
Unidata
plieger wrote:
Hi all,
I have a question about the netcdf 4.3.2 library and accessing ESGF
opendap servers which are secured with x509 client authentication.
I usually store config settings about my certificate and ssl in the
.httprc file, I have several of them at different places. In the past I
used the $HOME environment variable to designate which one to use, but
this does not seem to work with netcdf 4.3.2.
As described in
http://www.unidata.ucar.edu/software/netcdf/docs/netcdf/DAP-Support.html
chapter 4.12.4 HTTP Configuration, you can either set the current
working directory to this place or export the HOME variable to the
directory where this file resides. I found this very useful
functionality (now I have to change the working directory all the time).
This is an example of such an .httprc file:
HTTP.SSL.VALIDATE=0
HTTP.COOKIEJAR=/someplace/.dods_cookies
HTTP.SSL.CERTIFICATE=/someplace//certs/creds.pem
HTTP.SSL.KEY=/someplace/creds.pem
HTTP.SSL.CAPATH=/someplace/esg_trusted_certificates/
Is it possible to get this back working again?
Thanks,
Maarten Plieger
_______________________________________________
netcdfgroup mailing list
netcdfgroup@xxxxxxxxxxxxxxxx
For list information or to unsubscribe, visit:
http://www.unidata.ucar.edu/mailing_lists/