Asif Osman wrote:
> Hi JJK,
>
> Here are snapshots of two attempts for upgrading CRLs. But both are not updating 367b75c3.r0 and d254cc30.r0 files. 2nd one file is ok, as its Next Update is Mar 4 19:36:11 2009 GMT. But what should I do for 367b75c3.r0?
>
> [root@ce certificates]# /opt/glite/libexec/fetch-crl.sh|grep "uk"
> fetch-crl[9650]: 20080923T173217+0600 RetrieveFileByURL: download no data from http://www.romaniangrid.ro/crl/crl-v2.der
> fetch-crl[9650]: 20080923T173217+0600 Attempt to install 2418a3f3.r0 failed since the current CRL is more recent than the one that was downloaded.
> =====>>>>/usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.n11158 http://ca.grid-support.ac.uk/pub/crl/ca-crl.der\n
> fetch-crl[9650]: 20080923T173237+0600 verify failed for CRL issued by 'UK e-Science CA (367b75c3)' (Error getting CRL issuer certificate)
> =====>>>>/usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.s12178 http://ca.grid-support.ac.uk/pub/crl/root-crl.der\n
> fetch-crl[9650]: 20080923T173504+0600 RetrieveFileByURL: download no data from http://www.gridcanada.ca/ca/bffbd7d0.r0
> fetch-crl[9650]: 20080923T173706+0600 RetrieveFileByURL: download no data from http://ca.cern.ch/ca/CRL/CERN%20Root%20CA.crl
> fetch-crl[9650]: 20080923T173706+0600 Persistent errors (9 hours) for d254cc30:
> fetch-crl[9650]: 20080923T173706+0600 Could not download any CRL from /etc/grid-security/certificates//d254cc30.crl_url:
> fetch-crl[9650]: 20080923T173706+0600 download failed from 'http://ca.cern.ch/ca/CRL/CERN%20Root%20CA.crl'
> fetch-crl[9650]: 20080923T173706+0600 download for http://ca.cern.ch/ca/CRL/CERN%20Root%20CA.crl is not valid and none of the URLs in '/etc/grid-security/certificates//d254cc30.crl_url' is operational
> [root@ce certificates]# /usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.n11158 http://ca.grid-support.ac.uk/pub/crl/ca-crl.der
> [root@ce certificates]# ll 367b75c3.*
> -rw-r--r-- 1 root root 48 Sep 23 09:40 367b75c3.crl_url
> -rw-r--r-- 1 root root 441 Sep 23 09:40 367b75c3.info
> -rw-r--r-- 1 root root 123930 Sep 23 17:16 367b75c3.r0
> -rw-r--r-- 1 root root 238 Sep 23 09:40 367b75c3.signing_policy
> [root@ce certificates]# /usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.s12178 http://ca.grid-support.ac.uk/pub/crl/root-crl.der
>
ow this output is giving a very good hint: the .0 file (i.e. the
certificate itself!!) is missing !!
Try reinstalling the lcg-CA rpm to see if that fixes the problem for you.
Alternatively you can grab the 367b75c3.0 from somewhere else (I could
even email it to you).
cheers,
JJK / Jan Just Keijser
Nikhef Amsterdam
|