> Install the CA rpms (at the moment you don't need the LCG scripts
> that download the CRLs since they aren't used but you might need
> them in the future if d-cache is ever fixed).
Eeek. It doesn't use CRLs? Eek, I says. Eek.
Sorry maybe I've missed something but I don't remember hearing
this.
You're installing a pool node. Does that mean that it's the
GridFTP server that doesn't use CRLs? Or gsidcap? If the
admin node alone used CRLs then that would be ok-ish (because
you then cannot get turls with a revoked certificate).
JDK 1.4.2 certainly does (appear to) have support for CRLs:
http://java.sun.com/j2se/1.4.2/docs/guide/security/cert3.html#API
-j
|