Hi Alessandra,
[Sorry for going offtopic for the storage list, I will stick
this into the GOSC helpdesk and we will track it from there.
If you are not Alessandra and have a particular interest in
this, let me know if you want to be kept cc'ed]
It wasn't really automated until now because you are the only person
who has applied for an "unmanageable" amount of certificates.
For the bulk request, there are scripts you can use. Mike
wrote one but we have a new one in python.
For the approval, we will have to "cheat". If you make all 1000
requests with the same PIN, we know that they belong together.
It also helps if they have similar DNs, e.g. grid000.man.ac.uk
to grid999.man.ac.uk. If *you* approve *one*, we will approve the
rest by modifying the database. It's a hack but should work
and it is consistent with the CP/CPS and the overall CA security.
Unfortunately we don't yet have any bulk *signing* facility
but perhaps we can hack something if we have a couple of days.
We need to solve the notification problem first, though. When
you apply for 1000 certificates, the RA will get 1000 notification
email! Ditto for the certificate issuance notification.
Downloading is trivial if you have the serial numbers, and we can
send you those. You may not get consecutive ones (depending on
whether and how we solve the signing).
So I'll get back to you about the scripts and let you know when you
can start, no later than Tuesday next week. Hope that's ok.
"Thank you for making a simple CA very happy" :-)
Cheers,
--jens
> -----Original Message-----
> From: GRIDPP2: Deployment and support of SRM and local storage
> management [mailto:[log in to unmask]]On Behalf Of
> Alessandra
> Forti
> Sent: 02 August 2005 09:21
> To: [log in to unmask]
> Subject: Re: certificates bulk requests, approvals and downloads
>
>
> Hi Owen,
>
> > No it does not, poor RA (is it Mike Jones?)
>
> it will be me actually and one of the tier2 sys admin.
>
> It is not ideal if the RA still have to go through a bulk
> request by hand
> for the approval. Why this wasn't automated? Will I also receive
> ~1000 emails of confirmation with the URL to download the
> certificates
> from, or an id number each I have to insert by hand in a WEB page?
>
> Can you point me to these scripts? If you did it I think I missed it.
>
> thanks
>
> cheers
> alessandra
>
> On Fri, 29 Jul 2005, Owen Synge wrote:
>
> > On Fri, 29 Jul 2005 14:00:26 +0100
> > Alessandra Forti <[log in to unmask]> wrote:
> >
> >> Actually....
> >>
> >> I hope the RA aproval can be also performed with this code. :)
> >
> >
> > we are just testing on Red hat for the first time as it was
> developed on
> > debian, and tested on Debian.
> >
> > Do you have access to a debian box, it may make your life
> easier, but
> > Redhat testing must be done either before you use it or after,
> >
> > Regards
> >
> > Owen
> >
> >
> >
> >
> >
> >> On Fri, 29 Jul 2005, Alessandra Forti wrote:
> >>
> >>> Hi Owen,
> >>>
> >>> let me know when I can test the code. I hope the test
> phase doesn't
> >>> have to go through the usual procedure with the RA aproval.
> >>>
> >>> thanks
> >>>
> >>> cheers
> >>> alessandra
> >>>
> >>> On Fri, 29 Jul 2005, Owen Synge wrote:
> >>>
> >>>> On Fri, 29 Jul 2005 12:16:29 +0100
> >>>> Alessandra Forti <[log in to unmask]> wrote:
> >>>>
> >>>>> Hi Jens,
> >>>>
> >>>> Hello
> >>>>
> >>>> its Owen S here, Jens is on Holiday. I am back on support after a
> >>> break > negotiating CERN and RAL's response to the next set of
> >>> feature requests > from the experiments for the next iteration of
> >>> Tier 0/1 SRM development > based upon Castor, sorry for the
> >>> interruption of service. >
> >>>>
> >>>>> is there a way to do certificates bulk requests, approvals and
> >>>>> downloads?
> >>>>
> >>>> Yes but you have to be a Beta tester for some python
> scripts the CA
> >>> have > created.
> >>>>
> >>>>> The date I'll have to do is not that far now.
> >>>>
> >>>> Well the CA line is they shall be very curious to see
> how well you
> >>> get on > with their new code.
> >>>>
> >>>>> thanks
> >>>>
> >>>> I shall chase this up today, and hopefully send you an
> email before
> >>>> close of play today giving details.
> >>>>
> >>>>> cheers
> >>>>> Alessandra
> >>>>
> >>>> Thank you
> >>>>
> >>>> Owen
> >>>>
> >>>> PS
> >>>>
> >>>> The CA has been expecting this for some time.
> >>>>
> >>>
> >>>
> >>
> >> --
> >> ********************************************
> >> * Dr Alessandra Forti *
> >> * Technical Coordinator - NorthGrid Tier2 *
> >> * http://www.hep.man.ac.uk/u/aforti *
> >> ********************************************
> >
>
> --
> ********************************************
> * Dr Alessandra Forti *
> * Technical Coordinator - NorthGrid Tier2 *
> * http://www.hep.man.ac.uk/u/aforti *
> ********************************************
>
|