Hi Ewan
I've been waiting for a little extra information before writing to the
users list since many of us have had the expiry notification. What the
notification does not tell you is that after the last CA event all
(minus a few!) UK users were registered via VOMRS with both their now
expired certificate and the new one (which you have recently started
using). I suspect in your case you are one of the "minus a few" who got
overlooked in one of the registrations (for ATLAS). I'm aware of one
other instance that affects an LHCb user.
If the old certificate had not yet expired you could do the update via
VOMRS yourself. The easiest way to fix it now (assuming this is the
reason) is to contact the VO admin directly and explain that you are now
using a certificate with the new CA DN.
I will be interested to hear from anyone else who has seen this problem.
Incidentally, GridPP hosted VOs will require you to renew your
registration with the new certificate since only the CERN hosted VOs
registered all the new certificates automatically (to avoid the DN
switching problems seen last year as they still use that check in VOMS).
Jeremy
-----Original Message-----
From: Testbed Support for GridPP member institutes
[mailto:[log in to unmask]] On Behalf Of Ewan MacMahon
Sent: 04 August 2008 15:57
To: [log in to unmask]
Subject: Certifcate problem
Hi all,
I'm having an odd problem with my personal certificate, I don't think
it's a direct consequence of the CA rollover, but I'm not at all sure.
I've had a pair of emails this morning from the CERN VOMS server (one
for my dteam membership, one for atlas) saying that my certificate:
"has been changed from Approved to Expired due to following
reason: Certificate signed by /C=UK/O=eScienceCA/OU=Authority/CN=CA
is not longer valid."
Somewhat oddly I can still happily voms-proxy-init as a member of dteam,
but not of atlas (using my new certificate which was signed with the new
CA). Similarly the VOMS web interface for dteam seems to recognise my
certificate, and the atlas one doesn't. However, if I try to re-register
for the atlas VO I can't since my DN is already in the list.
At this point I'm not sure where to go next, so I'd be grateful for
suggestions on:
- What's causing this?
- Is it just me, or a more widespread problem?
- How do I fix it?
Ewan
|