On 26/04/2010 17:43, Ewan MacMahon wrote:
> - Did something change at the CA at about that time (Jens?)?
No, we have changed nothing at all for the past two years or thereabouts.
In fact most of our extensions are old and crusty and should be replaced
with new and shiny ones (like extendedKeyUsage instead of nsCertType.)
TeraGrid have prodded us to use v2 CRLs and we are still on obsolete
Netscape 4.7-compatible v1 :-P
(This will all be rolled into the Great Leap Forward (aka the
Modernisation) - you will have plenty of time to review the proposed
changes, don't worry.)
The certificates should be the same, except for the obvious changes
(name, key, expiry time.) If you send me the serial numbers of the ones
that work and ones that don't, I can take them out of the archive and
inspect them.
Curiously this returns only LCG-related stuff:
http://www.altavista.com/web/results?fr=altavista&itag=ody&q=%22Identity+reading+failed%22&kgs=0&kls=0
not any general Java stuff. Did any middleware change?
--jens
PS Many thanks to Pete for prodding me, I selectively postpone reading
lists when I am most busy (eg in deadline mode.)
|