Hi Daniela,
Also don't forget this one, as well: https://savannah.cern.ch/bugs/?57473 !
Question: Each LSC file only has 2 lines; one for the DN of the VOMS
server, and another for the DN of the signing authority. If (as has
been said) these are to change at 8 am next Tuesday (14th February),
must we synchronize our LSC files at exactly that time? That seems
crummy. Or can we have two LSC files at once, somehow? Anybody know the
best thing to do? Evidently, you can use this type of thing (see below)
to have two and once, but does it work? File: voms.gridpp.ac.uk.lsc
[log in to unmask]
/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
------ NEXT CHAIN ------
/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk/X=SOMEDNWITHOUTEMAIL
/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B
Steve
Daniela Bauer wrote:
> For your entertainment (I know I should get out more, but for some
> reason this really irks me):
>
> https://ggus.eu/ws/ticket_info.php?ticket=78991
>
> Daniela
>
> On 8 February 2012 08:14, Robert Frank <[log in to unmask]> wrote:
>
>> Jens, that would be great!
>>
>>
>> On 07/02/12 17:19, Jens Jensen wrote:
>>
>>> Hmm you are right, it slipped through the normal signing process - we
>>> haven't had time to develop and test code to remove the email address
>>> from the host certificates yet, much less making it optional, but I can
>>> perhaps do something manually with the VOMS cert.
>>>
>>> Robert, do you want me to create one by hand and send it to you? Would
>>> that be useful?
>>>
>>> -j
>>>
>>> On 07/02/2012 15:47, Daniela Bauer wrote:
>>>
>>>> I've already filed a ticket. I really don't understand why this cannot
>>>> be fixed, escpecially as we now have to change the lsc files anyway.
>>>> This has been known for at least a year, it's not like this suddenly
>>>> came up. EMI does not support this structure at all and I feel like an
>>>> idiot everytime I have to ask on how to deal with this.
>>>>
>>>> Daniela
>>>>
>>>>
>>>>
>>>> On 7 February 2012 15:43, Robert Frank<[log in to unmask]>
>>>> wrote:
>>>>
>>>>> Hi Daniela,
>>>>>
>>>>> yes, it still has the email address in the DN. I will get a new one
>>>>> without
>>>>> the email address once the CA allows me to do it. Jens has confirmed
>>>>> that
>>>>> they are working on it and that it's pretty high on their todo list.
>>>>> Hopefully, I'll be able to get a new one later this year.
>>>>>
>>>>> Cheers,
>>>>> Robert
>>>>>
>>>>>
>>>>> On 07/02/12 15:16, Daniela Bauer wrote:
>>>>>
>>>>>> Has anybody seen this mysterious certificate and can tell me if it
>>>>>> still has the obsolete email adress in (never mind the CA change) ?
>>>>>>
>>>>>> Cheers,
>>>>>> Daniela
>>>>>>
>>>>>> ---------- Forwarded message ----------
>>>>>> From: EGI BROADCAST<[log in to unmask]>
>>>>>> Date: 7 February 2012 14:59
>>>>>> Subject: [ EGI BROADCAST ] Upcoming VOMS server certificate renewal
>>>>>> for voms.gridpp.ac.uk
>>>>>> To: Site administrators/UKI-LT2-IC-HEP<[log in to unmask]>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------------------------------------------------
>>>>>> EGI BROADCAST TOOL : https://operations-portal.egi.eu/broadcast
>>>>>>
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------------------------------------------------
>>>>>> Publication from : robert frank<[log in to unmask]>
>>>>>> Targets : Site
>>>>>> administrators/UKI-LT2-IC-HEP<[log in to unmask]>
>>>>>>
>>>>>>
>>>>>> ----------------------------------------------------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>>
>>>>>> Dear site admins,
>>>>>>
>>>>>> the server certificate on voms.gridpp.ac.uk is due to expire on the
>>>>>> 19th
>>>>>> of
>>>>>> February. The new certificate will be installed on the 14th of February
>>>>>> between 8 and 8.30 am UTC.
>>>>>> Due to the rollover of the UK eScience CA, the CA DN that signed the
>>>>>> server
>>>>>> certificate has changed to "/C=UK/O=eScienceCA/OU=Authority/CN=UK
>>>>>> e-Science
>>>>>> CA 2B". All sites supporting any VOs hosted on this server will have to
>>>>>> update their LSC files.
>>>>>>
>>>>>> Best Regards,
>>>>>>
>>>>>> Robert Frank
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> ----------------------------------------------------------------------------------------------------------------
>>>>>> link to this broadcast :
>>>>>> https://operations-portal.egi.eu/broadcast/archive/id/597
>>>>>>
>>>>>>
>>>>>> ----------------------------------------------------------------------------------------------------------------
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>
>
>
>
--
Steve Jones [log in to unmask]
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/
|