[log in to unmask] will reach them.
"Ian Stokes-Rees" <[log in to unmask]> wrote:
__________
> UK e-Science CA
> Hello,
> I am having trouble with the UK e-Science CA. The web site does not
>work (http://ca.grid-support.ac.uk/), and CRL updates timeout. Also,
>other CRL updates fail with the edg-fetch-crl command.
> Since the website is dead I have emailed lcg-support at RAL and
>TB-SUPPORT in hopes someone can (if appropriate) redirect this message
>to the CA staff -- I do not have an email address for them.
> I am trying to use edg-fetch-crl (version details below). It is failing
>for the list of entries listed below. The command either hangs (in
>which case a CTRL-C after a few minutes moves on to the next in the
>list), or returns an error message (listed below). It appears that
>without a recent CRL validation of a user certificate is impossible
>(this seems reasonable!). The CRL for UK e-Science CA states:
> Next Update: Dec 23 09:08:14 2004 GMT
> And since this has past, the node (grid.physics.ox.ac.uk) will no longer
>validate UK e-Science certificates.
> Is there any way I can temporarily disable CRL checking? I *really*
>need to have this node accept my certificate on the basis that it is
>still valid alone. Moving 16da7552.r0 to DISABLE_CRL_01621954.r0 and
>restarting Apache seems to work for HTTPS access, but will this work for
>LCG tools?
> Is there something wrong with the e-Science CA website?
> Cheers,
> Ian.
> ERROR MESSAGES
>--------------
> verify failed for CRL issued by 'DataGrid' (verify failure)
> verify failed for CA certificate issued by 'Certification'
>(/C=ES/O=DATAGRID-ES/CN=DATAGRID-ES 10)
> could not download a valid file from
>'http://www.cs.ucy.ac.cy/crossgrid/cygrid/cygrid-ca/crl.pem'
> verify failed for CA certificate issued by 'HEP' (/O=Grid/O=UKHEP/CN=UK 10)
> FAILED CRL FILES
>----------------
> [root@grid certificates]# cat
>/etc/grid-security/certificates/01621954.crl_url
> http://ca.grid-support.ac.uk/cgi-bin/importCRLpem
> [root@grid certificates]# cat
>/etc/grid-security/certificates/34a509c3.crl_url
> http://igc.services.cnrs.fr/cgi-bin/loadcrl?CA=CNRS-Projetsformat=PEM
> [root@grid certificates]# cat
>/etc/grid-security/certificates/0ed6468a.crl_url
> http://www.gridpp.ac.uk/ca/ca-crl.pem
> [root@grid certificates]# cat
>/etc/grid-security/certificates/84c1f123.crl_url
>
|