Hi John/Daniela
The last announcement was on 5th October (pasted below). The changes
are listed there and should also be here http://grid-deployment.web.cern.ch/grid-deployment/lcg-CAs-v1.36-1/lcg-CA-1.37-1.txt
but the change log is not available... perhaps an old link with the
newer one being https://dist.eugridpma.info/distribution/igtf/current/CHANGES
. The last update for CNRS was back in February.
Other sites are happily running biomed so this must be a local
implementation issue on the storage. RALPP does not seem to support
biomed work.
Jeremy
Forwarded message:
Dear all,
EUGridPMA have announced a new set of CA rpms.
Based on this IGTF release, new CA RPMs have been packaged for EGEE.
Please upgrade within the next eight days at your earliest convenience.
When this timeout is over, SAM will throw critical errors on CA tests
if old CAs are still detected.
See the following page for more details about this new EGEE CA release :
http://grid-deployment.web.cern.ch/grid-deployment/lcg2CAlist.html
The following changes have been implemented in this release:
* Added accredited classic TERENA eScience SSL CA and hierarchy (EU)
* Discontinued NGO-Netrust CA (SG)
* Corrected typo errors in namespaces file for AAACertificateServices
(EU)
Modifications compared to the previous release:
* updated to IGTF Accredited CA distribution version 1.37-1 Classic,
SLCS and MICS profiles, encoded in in new RPM "lcg-CA-1.37-1.noarch.rpm"
* the 'lcg-CA' RPM will be superseded by more specific and aptly named
meta-
packages. In this release, meta-packages for all policies are shipped,
although in simplified form. All of these RPMs today still enshrine the
same dependencies. The new packages will be:
ca-policy-egi-core list of CAs corresponding to EGI central policy
ca-policy-lcg list of CAs corresponding to wLCG policy
Your may or should install both the "egi-core" AND "lcg" meta-packages,
according to your own policies. Note that your organisation or NGI may
have
a specific policy in effect and may have added or removed CAs with
respect
to EGI and/or wLCG policy.
* the next (1.38) release will be distributed via the EGI software
repository, and be based on the new OpenSSL1 compatible format. The
download URL and repository meta-data will change and then to point to
http://repository.egi.eu/sw/production/CAs/
The 1.38 release notes will contain more detailed information regarding
the new repository structure and meta-packages therein.
* Important: this release is not compatible with OpenSSL v1 (used for
example in Fedora12+ and in RHEL6). In you need an OpenSSL v1 compatible
release, please download your distribution from https://dist.eugridpma.info/
Read the EUGridPMA newsletter for more details.
THE NEXT RELEASE WILL BE BASED ON THE NEW FORMAT and contain symlinks
In addition, please note that sites are discouraged from updating CA
rpms
directly from the EUGridPMA repository. The EUGridPMA repository
should not be
regarded as an operational service. Such an assumption may also result
in an
overload of the repository server.
--------- Link to this Broadcast -----------
https://cic.gridops.org/index.php?section=roc&page=broadcast_archive&step=2&typeb=C&idbroadcast=47657
--------------------------------------------
On 24 Nov 2010, at 12:16, John Gordon wrote:
> It should all be here http://www.eugridpma.org/ but I always
> thought the required CA certs were included in the rpms. There was a
> new version recently, did you upgrade?
>
> john
>
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Daniela Bauer
> Sent: 24 November 2010 12:00
> To: [log in to unmask]
> Subject: Re: biomed authentication
>
> Yes, I suspected as much - but where do I get this stuff from and
> where would I put it ? vomsdir ? lsc file ?
>
> Cheers,
>
> Daniela
>
> On 23 November 2010 16:59, Stephen Burke <[log in to unmask]>
> wrote:
> Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Daniela Bauer said:
> 23 Nov 2010 15:09:19 (gPlazma) [v2:srmMkdir:44124712 SRM-gfe02]
> Certificate verification: subject 'C=FR,O=CNRS,CN=GRID2-FR' not
> allowed
> by CA 'C=FR,O=CNRS,CN=CNRS2-Projets'
>
> This sounds like you're missing some part of the info for the French
> CA,
> maybe the signing policy. I assume they have a two-level CA with
> CNRS2-Projet issuing a cert to GRID2-FR which in turn issues the user
> cert, and the error seems to be saying that the intermediate CA is
> invalid.
>
> Stephen
>
>
>
> --
> -----------------------------------------------------------
> [log in to unmask]
> HEP Group/Physics Dep
> Imperial College
> Tel: +44-(0)20-75947810
> http://www.hep.ph.ic.ac.uk/~dbauer/
|