Just checked gridPP VOMS certificate installed at RAL Tier1 UI. It is
voms.gridpp.ac.uk and issued by
"issuer=/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA". If you have
this one installed, you do not need to do anything.
Failed to replace the certificate with the re-signed certificate means that
end user will be rejected by the grid (can't have a proxy certificate/submit
job) and host authentication will fail once the root CRL expired.
Jens, do we have a list of re-signed service certificates (not end user and
host certificate) apart from the confused gridPP VOMS certificate. For
example, any web server certificates have been re-signed?
Cheers,
Mingchao
-----Original Message-----
From: Testbed Support for GridPP member institutes
[mailto:[log in to unmask]] On Behalf Of Jensen, J (Jens)
Sent: 24 July 2008 14:21
To: [log in to unmask]
Subject: Re: Finalising UK CA rollover
Note there was some confusion because there were two valid certificates for
VOMS: host/voms.gridpp.ac.uk and voms.gridpp.ac.uk.
I re-signed the former, but it is not being used by anything (so should have
been revoked, I'd have thunk), but VOMS is using the latter.
The latter has been moved to the new hierarchy long time ago (back in
December 07).
-j
Burke, S (Stephen) wrote:
> Testbed Support for GridPP member institutes
>> [mailto:[log in to unmask]] On Behalf Of Gordon, JC (John)
> said:
>> Do we know of any software which is sensitive to the VOMS
>> certificate?
>
> Traditionally, all VOMS-aware software needed the VOMS cert. There is
> a new configuration option which only checks the DN, but probably many
> sites haven't switched.
>
> Stephen
|