Yes, a month is probably reasonable, but it can easily take a week to
get new certificates from some CAs. Eventually it should monitor all
services that have a certificate - now we start to get into the area of
configuration management as then we need to keep an up-to-date list of
which services are provided by each site. This is absolutely where we
need to go, and this cert monitor is a good start.
Ian
> -----Original Message-----
> From: Gordon, JC (John) [mailto:[log in to unmask]]
> Sent: 26 November 2003 10:39
> To: [log in to unmask]
> Subject: Re: [LCG-ROLLOUT] Improvements to Gppmon
>
> I think a month is a reasonable time to start warning sites.
> Is the current
> monitoring just looking at the CEs? It should probably monitor other
> services too. It will be bad if an LRC or RB cert expires.
>
> John
>
> -----Original Message-----
> From: Ian Bird [mailto:[log in to unmask]]
> Sent: 26 November 2003 09:32
> To: [log in to unmask]
> Subject: Re: [LCG-ROLLOUT] Improvements to Gppmon
>
>
> Continuing this discussion - actually I think that those that will
> expire in less than 1 week should be a red dot, and those that have
> expired should have been pre-emptively removed from the service and
> appear black. We cannot allow the certificates to expire without
> action.
>
> Ian
>