Hi Pierre,
thanks for the info, indeed, i also have another eventlog created for the
SE SRM failures start from '21-May-2008 14:50:29' and end after
'21-May-2008 21:02:55', while other SE yet have problem CRL fetch didnt
fail with SAM testing. we have recover the problem by replicating the
correct crl files to all disk servers including SRM headnode to avoid SAM
testing failures.
thanks
Br,
J
On Thu, 22 May 2008, Pierre GIRARD wrote:
> Hi Jason,
>
> At IN2P3-CC, we had various authentication errors yesterday because of that
> expired CRL, and oddly at 22:00, new CRL update fixed the problem.
> Today, at 16:00, the problem came back.
>
> I sent a mail to cern-ca-managers to inform them of that.
>
> Hope that helps.
>
> Pierre
>
> Jason Shih a écrit :
> > Dear all,
> >
> >
> > while checking one of the SE (classic) that have fail with SAM SRM testing
> > since '22-May-2008 10:07:50', i found that crl fetch from ca_CERN-TCA crl
> > url fail to pass verification process and the expiration date shift back to
> > May 1st:
> >
> > --
> > # ls
> > 1d879c6c.0 1d879c6c.crl_url 1d879c6c.info 1d879c6c.r0
> > 1d879c6c.signing_policy fetch-crl fetch-crl.sh
> >
> > # rm *.r0
> > rm: remove regular file `1d879c6c.r0'? y
> > [root@dpm01 j]# ./fetch-crl --loc . -out . --no-check-certificate
> > fetch-crl: [2008/05/22-14:43:01] Using OpenSSL version OpenSSL 0.9.7a Feb 19
> > 2003 at /usr/bin/openssl
> > fetch-crl: [2008/05/22-14:43:01] processing './1d879c6c.crl_url'
> > fetch-crl: [2008/05/22-14:43:02] updating CRL 'CERN Trusted Certification
> > Authority (1d879c6c)'
> > fetch-crl: [2008/05/22-14:43:02] verify failed for CA certificate issued by
> > 'CERN Trusted Certification Authority (1d879c6c)' (/DC=ch/DC=cern/CN=CERN
> > 20)
> >
> > # grep Update *r0
> > Last Update: Apr 29 14:56:31 2008 GMT
> > Next Update: May 1 15:16:31 2008 GMT
> >
> >
> >
> > while the other crl available at the other grid server nodes yet have been
> > updated and did have the correcr end time comparing with current trial. any
> > idea?
> >
> > Br,
> > J
> >
> >
>
>
>
|