I have both
/etc/grid-security/certificates/367b75c3.r0
/etc/grid-security/certificates/53729190.r0
which should I eliminate and which should I keep?
thanks
cheers
alessandra
On 29/01/2013 11:54, John Hill wrote:
> /etc/grid-security/certificates/367b75c3.r0 is also still there after
> upgrading to 1.52.
>
> John
>
> On 29/01/2013 11:38, Alessandra Forti wrote:
>> Hi Jens,
>>
>> I've just upgraded and this is what's left behind in the
>> /etc/grid-security/certificates/ directory
>>
>> #> rpm -qa ca-policy-egi-core
>> ca-policy-egi-core-1.52-1.noarch
>>
>> #> ls /etc/grid-security/certificates/UKeScience*2007*
>> /etc/grid-security/certificates/UKeScienceRoot-2007.crl_url
>> /etc/grid-security/certificates/UKeScienceRoot-2007.pem
>> /etc/grid-security/certificates/UKeScienceRoot-2007.info
>> /etc/grid-security/certificates/UKeScienceRoot-2007.signing_policy
>> /etc/grid-security/certificates/UKeScienceRoot-2007.namespaces
>>
>> cheers
>> alessandra
>>
>>
>> On 29/01/2013 11:34, Jens Jensen wrote:
>>> Dropping old CA certifiate (no valid certs, valid CRL)
>>> These files should go when you upgrade to 1.52:
>>> /etc/grid-security/certificates/{UKeScienceCA-2007.*,367b75c3.*,53729190.*}
>>>
>>>
>>> It is most important to get rid of *.pem, *.0, and *.r0
>>>
>>> We can watch the CRLs for downloads, see which IP addresses they
>>> come from.
>>>
>>> The main (small) risk is that sites don't remove it (for some reason)
>>> and get hit by the silly test for "expired" at the end of March (at
>>> 23:59:59 UTC).
>>>
>>> There are associated changes in UKeScienceRoot-2007.namespaces and
>>> UKeScienceRoot-2007.signing_policy. In addition, we changed the CRL
>>> download point in UKeScienceRoot-2007.crl_url. There is a slight risk
>>> that a bug has slipped through here, despite checking, due to some
>>> undocumented or non-testable "feature" in the code that uses these
>>> files.
>>>
>>> That's it. Any Qs or Cs?
>>>
>>> Cheers
>>> --jens
>>>
>>
>>
>> --
>> Facts aren't facts if they come from the wrong people. (Paul Krugman)
>>
--
Facts aren't facts if they come from the wrong people. (Paul Krugman)
|