The CRL published on Wednesday afternoon was an older version.
The correct one was available for download two hours later. It looks
like the same problem occurred on Thursday.
Best regards,
Dimitar
Maria Dimou wrote:
> This problem was also reported by Dimitar at the EMT meeting yesterday.
> He took it offline with Juha.
> I put them in Cc for an update on this.
> yours
> maria
> ------------------------------------------------------------------------
> *Από:* LHC Computer Grid - Rollout εκ μέρους Pierre GIRARD
> *Αποστολή:* Πεμ 5/22/2008 6:05 μμ
> *Προς:* [log in to unmask]
> *Θέμα:* Re: [LCG-ROLLOUT] verify failed for CA certificate issued by
> 'CERN Trusted Certification Authority (1d879c6c)'
>
> Hi Jason,
>
> At IN2P3-CC, we had various authentication errors yesterday because of
> that expired CRL, and oddly at 22:00, new CRL update fixed the problem.
> Today, at 16:00, the problem came back.
>
> I sent a mail to cern-ca-managers to inform them of that.
>
> Hope that helps.
>
> Pierre
>
> Jason Shih a écrit :
> > Dear all,
> >
> >
> > while checking one of the SE (classic) that have fail with SAM SRM
> testing
> > since '22-May-2008 10:07:50', i found that crl fetch from
> ca_CERN-TCA crl
> > url fail to pass verification process and the expiration date shift back
> > to May 1st:
> >
> > --
> > # ls
> > 1d879c6c.0 1d879c6c.crl_url 1d879c6c.info 1d879c6c.r0
> > 1d879c6c.signing_policy fetch-crl fetch-crl.sh
> >
> > # rm *.r0
> > rm: remove regular file `1d879c6c.r0'? y
> > [root@dpm01 j]# ./fetch-crl --loc . -out . --no-check-certificate
> > fetch-crl: [2008/05/22-14:43:01] Using OpenSSL version OpenSSL
> 0.9.7a Feb 19 2003 at /usr/bin/openssl
> > fetch-crl: [2008/05/22-14:43:01] processing './1d879c6c.crl_url'
> > fetch-crl: [2008/05/22-14:43:02] updating CRL 'CERN Trusted
> Certification Authority (1d879c6c)'
> > fetch-crl: [2008/05/22-14:43:02] verify failed for CA certificate
> issued by 'CERN Trusted Certification Authority (1d879c6c)'
> (/DC=ch/DC=cern/CN=CERN 20)
> >
> > # grep Update *r0
> > Last Update: Apr 29 14:56:31 2008 GMT
> > Next Update: May 1 15:16:31 2008 GMT
> >
> >
> >
> > while the other crl available at the other grid server nodes yet
> have been
> > updated and did have the correcr end time comparing with current trial.
> > any idea?
> >
> > Br,
> > J
> >
> >
>
>
> --
> ______________________
> Pierre GIRARD
> French ROC deputy (EGEE/LCG)
> Grid Computing Team Member
> IN2P3/CNRS Computing Centre - Lyon (FRANCE)
> e-mail: [log in to unmask]
> Tel. +33 4.72.69.52.89
> http://cc.in2p3.fr <http://cc.in2p3.fr/>
> CCIN2P3 Tel. +33 4.78.93.08.80 | CCIN2P3 Fax. +33 4.72.69.41.70
>
|