Rafal Lichwala wrote:
> Hi Frederic, Hi Judit,
>
> Thanks for your suggestions, but... unfortunately it still does not work...
>
> Some facts:
>
> I'm using two web browsers: KDE Konqueror and Mozilla Firefox.
> In both of them I've just reloaded my client certificate and Polish CA
> certificate - it did not help anyway...
> Both certificates are proper and valid - I've checked this twice :)
> I used those certificates in both web browsers before the problems with polish
> CA CRL list - and it worked until now.
>
> Could anyone help me with this problem....?
>
> My suggestions:
>
> When I'm using Mozilla Firefox there is a message (maybe Firefox is just more
> verbose in this issue then Konqueror which just stays silent):
>
> "You have attempted to establish a connection with "lcg-sft.cern.ch". However,
> the security certificate presented belongs to "host/lxb2089.cern.ch". It is
> possible, though unlikely, that someone may be trying to intercept your
> communication with this web site."
That is a normal warning to be ignored.
> As I remember, few days ago Piotr Nyczyk (main developer of SFT-2) sent a post
> about unified SFT-2 results host address "lcg-sft.cern.ch:9443". He also
> mentioned that this domain is related with several machines...
> Is it possible that polish CA CRL has not been updated on one of the machines
> (which I'm trying to negotiate a connection) which is related with this
> domain?
No, I suspect that the httpd decided the CRL had expired and from that time
never looked for a newer version. We will restart the httpd. More news ASAP.
|