> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Stephen Burke
>
> Testbed Support for GridPP member institutes
> > [mailto:[log in to unmask]] On Behalf Of Ewan MacMahon said:
> > - Does anyone have the foggiest idea what could possibly be going
on?
>
> Do any of the properties of the certificates look different? The first
> thing that springs to my mind is the key length ...
>
Identical as far as I can see. I've attached the text dumps of the
old and new certificates for t2ce02.physics.ox.ac.uk, and looking
at them with diff it appears that only the dates and the actual
certificate data differ, but the old one works and the new one
doesn't.
Ewan
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 25221 (0x6285)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=UK, O=eScienceCA, OU=Authority, CN=UK e-Science CA
Validity
Not Before: Mar 31 13:21:04 2009 GMT
Not After : Apr 30 13:21:04 2010 GMT
Subject: C=UK, O=eScience, OU=Oxford, L=OeSC, [log in to unmask]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:af:4f:f9:27:47:4d:6d:15:63:51:77:00:5a:0b:
31:bb:a9:f5:40:1c:73:a5:fa:be:6e:b7:a5:e3:c9:
d1:7f:23:57:13:c3:f4:09:60:9d:44:55:0d:d2:ee:
00:69:db:63:8a:4c:53:4f:e8:28:7b:ff:5d:a3:7b:
44:bd:c9:f3:c7:2e:3c:a3:80:88:e5:e4:89:cd:ed:
8d:96:c6:0e:c5:02:a2:a8:59:1b:ed:0e:60:cd:35:
40:84:a5:cd:55:1d:2a:9c:e9:b6:31:0f:53:b5:cc:
a1:ce:98:f2:fd:80:31:55:e1:a4:70:3a:91:4d:3b:
82:78:8b:ea:b8:b1:82:79:55:da:7e:70:87:36:46:
fd:85:68:4f:17:b0:f8:78:aa:2d:e8:f8:5d:1c:1f:
d0:bb:65:a4:ca:8e:a4:2b:e5:7e:12:c6:a0:13:2f:
d3:0a:f0:80:3a:48:4b:81:e1:bd:67:9a:b2:3c:9d:
a1:da:ab:aa:78:2c:94:72:ff:8a:e8:7b:21:59:05:
93:c9:c8:b1:4d:68:03:fb:ef:d0:38:c8:08:3e:be:
0b:94:43:79:2c:38:38:df:86:46:01:4e:32:5d:fc:
06:04:34:51:e4:18:1e:06:63:13:40:b3:6f:f4:a1:
9e:73:b4:76:ef:f6:de:a2:57:dc:7a:3c:04:06:1f:
87:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
Netscape Comment:
UK e-Science Host Certificate
X509v3 Subject Key Identifier:
D9:38:5E:A2:D4:9D:A9:E9:CB:89:DD:90:79:3D:02:75:E2:AB:83:95
X509v3 Authority Key Identifier:
keyid:66:61:DD:7A:0D:E6:5F:DB:8A:85:02:B6:31:35:AD:D8:AC:5D:87:12
X509v3 Subject Alternative Name:
DNS:t2ce02.physics.ox.ac.uk
X509v3 Issuer Alternative Name:
email:[log in to unmask]
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11439.1.1.1.1.8
Netscape CA Revocation Url:
http://ca.grid-support.ac.uk/pub/crl/root-crl.crl
Netscape Revocation Url:
http://ca.grid-support.ac.uk/pub/crl/ca-crl.crl
X509v3 CRL Distribution Points:
URI:http://ca.grid-support.ac.uk/pub/crl/ca-crl.crl
Signature Algorithm: sha1WithRSAEncryption
14:06:68:bd:1c:d2:0f:f4:27:08:59:b8:78:f7:73:8f:ba:5f:
d0:2c:63:ae:d4:a4:83:e7:ab:2a:81:8d:c4:c1:ad:b0:f5:c6:
3d:24:c4:12:36:13:39:67:5a:ac:8e:31:d3:1e:54:63:cd:d5:
fb:a4:91:4f:4b:a8:db:a0:dc:ff:45:42:bf:5a:7f:30:8c:ab:
f9:63:c4:9c:63:e9:fe:95:9b:43:c6:94:5a:af:5a:3b:ac:a2:
73:ad:7b:2a:7d:f7:3a:ca:2c:78:0c:b6:e3:dc:e0:91:4e:10:
60:01:1a:5b:11:0c:53:da:3c:df:3a:4b:25:dc:8d:38:bc:59:
76:ba:95:a7:f4:c6:0a:d2:88:f3:ee:cc:1a:e9:54:40:b1:cd:
5f:c5:6b:43:83:31:7d:ab:a2:ca:60:25:52:03:ba:75:1e:93:
46:d3:a6:b2:f5:a6:eb:02:e0:6d:6c:3a:ea:ee:ab:1e:4c:47:
af:19:e2:3e:f1:50:95:a8:e0:6e:99:1d:69:77:09:5b:7c:0e:
fa:64:b9:5d:2e:d5:ec:f5:af:a1:f2:f5:9d:79:69:59:89:0b:
4a:0f:91:22:d5:da:0d:63:6b:09:ea:fe:f5:63:5b:66:93:5c:
2a:90:13:20:d8:59:b4:2a:80:f3:b5:1c:32:87:dc:ad:d6:cb:
93:6f:98:6a
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgICYoUwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVUsx
EzARBgNVBAoTCmVTY2llbmNlQ0ExEjAQBgNVBAsTCUF1dGhvcml0eTEYMBYGA1UE
AxMPVUsgZS1TY2llbmNlIENBMB4XDTA5MDMzMTEzMjEwNFoXDTEwMDQzMDEzMjEw
NFowgYwxCzAJBgNVBAYTAlVLMREwDwYDVQQKEwhlU2NpZW5jZTEPMA0GA1UECxMG
T3hmb3JkMQ0wCwYDVQQHEwRPZVNDMSAwHgYDVQQDExd0MmNlMDIucGh5c2ljcy5v
eC5hYy51azEoMCYGCSqGSIb3DQEJARYZZ3JvbmJlY2hAcGh5c2ljcy5veC5hYy51
azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK9P+SdHTW0VY1F3AFoL
Mbup9UAcc6X6vm63pePJ0X8jVxPD9AlgnURVDdLuAGnbY4pMU0/oKHv/XaN7RL3J
88cuPKOAiOXkic3tjZbGDsUCoqhZG+0OYM01QISlzVUdKpzptjEPU7XMoc6Y8v2A
MVXhpHA6kU07gniL6rixgnlV2n5whzZG/YVoTxew+HiqLej4XRwf0LtlpMqOpCvl
fhLGoBMv0wrwgDpIS4HhvWeasjydodqrqngslHL/iuh7IVkFk8nIsU1oA/vv0DjI
CD6+C5RDeSw4ON+GRgFOMl38BgQ0UeQYHgZjE0Czb/ShnnO0du/23qJX3Ho8BAYf
h70CAwEAAaOCAc0wggHJMAwGA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgbA
MA4GA1UdDwEB/wQEAwID6DAsBglghkgBhvhCAQ0EHxYdVUsgZS1TY2llbmNlIEhv
c3QgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNk4XqLUnanpy4ndkHk9AnXiq4OVMB8G
A1UdIwQYMBaAFGZh3XoN5l/bioUCtjE1rdisXYcSMCIGA1UdEQQbMBmCF3QyY2Uw
Mi5waHlzaWNzLm94LmFjLnVrMCUGA1UdEgQeMByBGnN1cHBvcnRAZ3JpZC1zdXBw
b3J0LmFjLnVrMBkGA1UdIAQSMBAwDgYMKwYBBAHZLwEBAQEIMEAGCWCGSAGG+EIB
BAQzFjFodHRwOi8vY2EuZ3JpZC1zdXBwb3J0LmFjLnVrL3B1Yi9jcmwvcm9vdC1j
cmwuY3JsMD4GCWCGSAGG+EIBAwQxFi9odHRwOi8vY2EuZ3JpZC1zdXBwb3J0LmFj
LnVrL3B1Yi9jcmwvY2EtY3JsLmNybDBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8v
Y2EuZ3JpZC1zdXBwb3J0LmFjLnVrL3B1Yi9jcmwvY2EtY3JsLmNybDANBgkqhkiG
9w0BAQUFAAOCAQEAFAZovRzSD/QnCFm4ePdzj7pf0CxjrtSkg+erKoGNxMGtsPXG
PSTEEjYTOWdarI4x0x5UY83V+6SRT0uo26Dc/0VCv1p/MIyr+WPEnGPp/pWbQ8aU
Wq9aO6yic617Kn33OsoseAy249zgkU4QYAEaWxEMU9o83zpLJdyNOLxZdrqVp/TG
CtKI8+7MGulUQLHNX8VrQ4MxfauiymAlUgO6dR6TRtOmsvWm6wLgbWw66u6rHkxH
rxniPvFQlajgbpkdaXcJW3wO+mS5XS7V7PWvofL1nXlpWYkLSg+RItXaDWNrCer+
9WNbZpNcKpATINhZtCqA87UcMofcrdbLk2+Yag==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 28472 (0x6f38)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=UK, O=eScienceCA, OU=Authority, CN=UK e-Science CA
Validity
Not Before: Apr 6 12:14:16 2010 GMT
Not After : May 6 12:14:16 2011 GMT
Subject: C=UK, O=eScience, OU=Oxford, L=OeSC, [log in to unmask]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:ad:de:e2:33:6e:f7:80:01:3d:81:15:98:88:98:
35:af:4d:e5:04:a7:ff:c4:41:0e:9d:d2:d2:9b:52:
5c:67:ce:eb:5d:83:85:0a:7d:be:f6:83:8e:8b:ca:
45:01:8e:31:bf:35:cc:2d:5e:11:f8:eb:1a:26:fd:
f8:d0:14:38:3d:73:f0:ed:37:96:69:fe:ae:37:07:
5a:4e:b3:32:8d:60:c3:9d:49:eb:38:03:1f:52:e5:
67:db:3d:4f:27:56:b8:96:63:78:18:e4:26:06:df:
5c:74:e3:c1:7c:e4:74:03:84:47:69:56:b4:cd:82:
59:ab:c0:ff:fb:56:d0:a2:e9:53:71:03:1a:e1:50:
15:92:82:d5:f1:d2:67:84:31:de:db:5d:fe:c5:8f:
86:f1:58:f4:4b:5d:02:53:1e:e1:b4:9c:7d:75:75:
c5:a8:fd:bb:bd:54:e7:e5:a0:1e:63:09:30:ef:a2:
81:63:a3:ce:3f:45:37:fa:dd:f7:ad:9e:f7:65:d6:
26:cc:b6:ab:95:ce:1f:e8:7d:dd:a7:62:ac:53:85:
ca:4b:cf:60:26:ef:f5:ac:28:75:62:9b:ed:c7:f1:
3c:6e:a2:74:a7:5e:41:9d:44:38:0e:a9:b4:41:49:
0a:fd:b4:90:36:36:3e:79:6c:cd:dc:51:3b:10:c0:
38:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Key Agreement
Netscape Comment:
UK e-Science Host Certificate
X509v3 Subject Key Identifier:
28:16:1D:8B:C9:01:CA:23:C3:1F:04:B0:11:55:00:51:ED:BA:99:FA
X509v3 Authority Key Identifier:
keyid:66:61:DD:7A:0D:E6:5F:DB:8A:85:02:B6:31:35:AD:D8:AC:5D:87:12
X509v3 Subject Alternative Name:
DNS:t2ce02.physics.ox.ac.uk
X509v3 Issuer Alternative Name:
email:[log in to unmask]
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11439.1.1.1.1.8
Netscape CA Revocation Url:
http://ca.grid-support.ac.uk/pub/crl/root-crl.crl
Netscape Revocation Url:
http://ca.grid-support.ac.uk/pub/crl/ca-crl.crl
X509v3 CRL Distribution Points:
URI:http://ca.grid-support.ac.uk/pub/crl/ca-crl.crl
Signature Algorithm: sha1WithRSAEncryption
98:db:44:8d:62:e0:16:f6:0b:ab:58:5e:d3:f3:da:9d:0c:81:
2a:74:92:c4:e0:74:01:da:16:d7:9f:35:e0:4f:31:ef:e4:7e:
8e:83:2b:07:7d:11:96:34:1e:8b:15:cc:8e:42:0b:42:bc:3e:
9f:3d:ba:c6:fd:bd:fa:86:3e:7b:ee:22:3c:90:76:18:93:28:
64:c7:f0:8b:8d:0d:96:d6:85:ca:36:ed:1d:99:34:23:02:56:
76:70:5a:1c:4c:73:f0:a4:ae:33:4e:88:29:99:c7:bd:0c:0f:
24:77:07:a0:ed:d9:6c:fd:2f:4a:93:aa:bb:70:b0:96:73:41:
57:26:86:53:8f:8a:b2:91:bb:90:a2:d1:58:3b:5a:43:42:3f:
7e:3b:97:dc:2a:e7:53:ef:53:d8:29:52:10:c3:b9:3c:fe:e0:
69:04:7f:4d:70:37:33:43:d4:a9:79:57:48:33:6d:e8:8a:75:
84:5e:bc:1b:b3:ed:05:dd:18:d4:10:ff:ed:0a:08:f8:79:66:
15:2a:6a:67:7e:5e:a7:7c:28:87:92:fe:26:c9:b4:15:0e:87:
89:6e:f5:12:68:ca:01:a8:3a:5a:4d:44:af:54:9f:77:2d:0d:
13:92:a4:f9:46:43:b5:59:89:a6:39:b9:99:ae:32:ca:4c:f8:
69:82:d9:c3
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgICbzgwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMCVUsx
EzARBgNVBAoTCmVTY2llbmNlQ0ExEjAQBgNVBAsTCUF1dGhvcml0eTEYMBYGA1UE
AxMPVUsgZS1TY2llbmNlIENBMB4XDTEwMDQwNjEyMTQxNloXDTExMDUwNjEyMTQx
NlowgYwxCzAJBgNVBAYTAlVLMREwDwYDVQQKEwhlU2NpZW5jZTEPMA0GA1UECxMG
T3hmb3JkMQ0wCwYDVQQHEwRPZVNDMSAwHgYDVQQDExd0MmNlMDIucGh5c2ljcy5v
eC5hYy51azEoMCYGCSqGSIb3DQEJARYZZ3JvbmJlY2hAcGh5c2ljcy5veC5hYy51
azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3e4jNu94ABPYEVmIiY
Na9N5QSn/8RBDp3S0ptSXGfO612DhQp9vvaDjovKRQGOMb81zC1eEfjrGib9+NAU
OD1z8O03lmn+rjcHWk6zMo1gw51J6zgDH1LlZ9s9TydWuJZjeBjkJgbfXHTjwXzk
dAOER2lWtM2CWavA//tW0KLpU3EDGuFQFZKC1fHSZ4Qx3ttd/sWPhvFY9EtdAlMe
4bScfXV1xaj9u71U5+WgHmMJMO+igWOjzj9FN/rd962e92XWJsy2q5XOH+h93adi
rFOFykvPYCbv9awodWKb7cfxPG6idKdeQZ1EOA6ptEFJCv20kDY2PnlszdxROxDA
OAECAwEAAaOCAc0wggHJMAwGA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgbA
MA4GA1UdDwEB/wQEAwID6DAsBglghkgBhvhCAQ0EHxYdVUsgZS1TY2llbmNlIEhv
c3QgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFCgWHYvJAcojwx8EsBFVAFHtupn6MB8G
A1UdIwQYMBaAFGZh3XoN5l/bioUCtjE1rdisXYcSMCIGA1UdEQQbMBmCF3QyY2Uw
Mi5waHlzaWNzLm94LmFjLnVrMCUGA1UdEgQeMByBGnN1cHBvcnRAZ3JpZC1zdXBw
b3J0LmFjLnVrMBkGA1UdIAQSMBAwDgYMKwYBBAHZLwEBAQEIMEAGCWCGSAGG+EIB
BAQzFjFodHRwOi8vY2EuZ3JpZC1zdXBwb3J0LmFjLnVrL3B1Yi9jcmwvcm9vdC1j
cmwuY3JsMD4GCWCGSAGG+EIBAwQxFi9odHRwOi8vY2EuZ3JpZC1zdXBwb3J0LmFj
LnVrL3B1Yi9jcmwvY2EtY3JsLmNybDBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8v
Y2EuZ3JpZC1zdXBwb3J0LmFjLnVrL3B1Yi9jcmwvY2EtY3JsLmNybDANBgkqhkiG
9w0BAQUFAAOCAQEAmNtEjWLgFvYLq1he0/PanQyBKnSSxOB0AdoW15814E8x7+R+
joMrB30RljQeixXMjkILQrw+nz26xv29+oY+e+4iPJB2GJMoZMfwi40NltaFyjbt
HZk0IwJWdnBaHExz8KSuM06IKZnHvQwPJHcHoO3ZbP0vSpOqu3CwlnNBVyaGU4+K
spG7kKLRWDtaQ0I/fjuX3CrnU+9T2ClSEMO5PP7gaQR/TXA3M0PUqXlXSDNt6Ip1
hF68G7PtBd0Y1BD/7QoI+HlmFSpqZ35ep3woh5L+Jsm0FQ6HiW71EmjKAag6Wk1E
r1Sfdy0NE5Kk+UZDtVmJpjm5ma4yykz4aYLZww==
-----END CERTIFICATE-----
|