On Tue, 6 Nov 2007, David Groep wrote:
> Hi Alessandro,
>
> This message is not critical in itself (it just indicates that you run
> fetch-crl without the default warning suppress option "-a 24"). The
> failure to download the NECTEC CRL does not in itself result in a
> critical condition -- until the CRL expires.
> And then your problems will be limited to interactions with users and
> services associated with the NECTEC CA (i.e. those being in or originating
> from Thailand).
>
> BTW: at the moment I can happily retrieve this CRL from the URL mentioned.
Hi David,
at CERN we have not been able to get a successful download of that CRL
since Jun 25:
-------------------------------------------------------------------------------
[root@ce101 certificates]# ll 8a047de1.*
-rw-r--r-- 1 root root 1367 Oct 9 10:25 8a047de1.0
-rw-r--r-- 1 root root 50 Oct 9 10:25 8a047de1.crl_url
-rw-r--r-- 1 root root 264 Oct 9 10:25 8a047de1.info
-rw-r--r-- 1 root root 435 Oct 9 10:25 8a047de1.namespaces
-rw-r--r-- 1 root root 2509 Jun 25 14:00 8a047de1.r0
-rw-r--r-- 1 root root 1259 Oct 9 10:25 8a047de1.signing_policy
-------------------------------------------------------------------------------
I did not investigate it further, since nobody complained and various CAs
have had such instabilities in the past...
I can get the CRL in my _browser_, but wget fails:
-------------------------------------------------------------------------------
$ wget http://gridca.hpcc.nectec.or.th/pub/crl/cacrl.crl
--19:23:53-- http://gridca.hpcc.nectec.or.th/pub/crl/cacrl.crl
=> `cacrl.crl'
Resolving gridca.hpcc.nectec.or.th... failed: Temporary failure in name resolution.
-------------------------------------------------------------------------------
> Are you sure there are no other local network issues? The error messages
> mentioned and the inability to run jobs are (should be) unrelated.
>
> Cheers,
> DavidG.
>
> Italiano Alessandro wrote:
> > we are encountering the following problem
> >
> > fetch-crl[9108]: 20071106T182248+0100 processing
> > '/etc/grid-security/certificates/8a047de1.crl_url'
> > fetch-crl[9108]: 20071106T182318+0100 RetrieveFileByURL: download no
> > data from http://gridca.hpcc.nectec.or.th/pub/crl/cacrl.crl
> > fetch-crl[9108]: 20071106T182318+0100 downloaded file from
> > http://gridca.hpcc.nectec.or.th/pub/crl/cacrl.crl is not a valid CRL file
> > fetch-crl[9108]: 20071106T182318+0100 Could not download any CRL from
> > /etc/grid-security/certificates/8a047de1.crl_url:
> > fetch-crl[9108]: 20071106T182318+0100 download failed from
> > 'http://gridca.hpcc.nectec.or.th/pub/crl/cacrl.crl'
> > fetch-crl[9108]: 20071106T182318+0100 download for
> > http://gridca.hpcc.nectec.or.th/pub/crl/cacrl.crl is not valid and none
> > of the URLs in '/etc/grid-security/certificates/8a047de1.crl_url' is
> > operational
> >
> >
> > All the jobs via GRID are failing
> >
> > is it a common problem ???
> >
> > Alessandro Italiano
>
>
>
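
The listing in this thread shows the symptom to watch for: an `.r0` file last written on Jun 25 while the other files for the same CA are from Oct 9. The following check runs that comparison over a whole certificates directory. It is an added example, not part of the original thread or of fetch-crl; the function name `crl_freshness` and the 7-day default are assumptions, and it treats the `.r0` modification time as the time of the last successful download.

```shell
#!/bin/sh
# Added example (not from the thread): report CRLs that have not been
# refreshed recently, using the <hash>.crl_url / <hash>.r0 naming seen in
# the directory listing above.
#
# Usage: crl_freshness DIR [MAX_DAYS]
# Prints one line per CA: "<hash> <STATUS> <first URL in .crl_url>"
#   OK      .r0 exists and was modified within MAX_DAYS
#   STALE   .r0 exists but is older than MAX_DAYS
#   MISSING no .r0 (or an empty one) next to the .crl_url
# Returns 1 if any CA is not OK, so it can drive a cron alert.
#
# Assumption: file age is only a proxy. The authoritative expiry is the
# CRL's nextUpdate field (openssl crl -in FILE -noout -nextupdate).
crl_freshness() {
    dir=$1
    max_days=${2:-7}          # hypothetical default threshold
    rc=0
    for url_file in "$dir"/*.crl_url; do
        [ -e "$url_file" ] || continue      # glob matched nothing
        hash=$(basename "$url_file" .crl_url)
        crl="$dir/$hash.r0"
        url=$(sed -n '1p' "$url_file")
        if [ ! -s "$crl" ]; then
            status=MISSING
        elif [ -n "$(find "$crl" -mtime +"$max_days")" ]; then
            status=STALE
        else
            status=OK
        fi
        [ "$status" = OK ] || rc=1
        printf '%s %s %s\n' "$hash" "$status" "$url"
    done
    return $rc
}

# Run against a directory when one is given on the command line, e.g.
#   sh crl_freshness.sh /etc/grid-security/certificates 7
[ $# -eq 0 ] || crl_freshness "$@"
```

A STALE line for a CA means the copy on disk will eventually pass its expiry with no replacement, which is the point at which certificates from that CA start being rejected.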