Linked to this thread is the fact that Biomed have ticketed a bunch of
UK sites with these error messages (this will be at least the third time
Lancaster's been ticketed for this problem this year by them). We've
solved ours as there's a "It's not me, it's you" status for tickets (I
suppose we could reassign it back to the VO, but probably not worth).
If people think it's worthwhile I'll ticket biomed tomorrow for
ticketing us too much over this problem.
Cheers,
Matt
On 04/12/2012 02:54 PM, Jeremy Coles wrote:
> Hi Jens
>
>> the sites have not discovered that they have not upgraded, does it
>> mean they are not using the new CAs?
>
> That would be the obvious conclusion. I have not yet seen any complaints/concerns raised by users from those new CAs (btw I'm not suggesting that we should ever wait for that!).
>
> Jeremy
>
>
>
> On 12 Apr 2012, at 09:25, Jens Jensen wrote:
>
>> That sounds right to me as well. The new UK e-Science certificates have
>> been "out" since the 1.39 release (June 2011), and there was a typo
>> fixed in a naming policy file (introduced in 1.41 and fixed in 1.42,
>> both September 2011.
>>
>> And they went "live" in October 2011.
>>
>> And the current release is 1.46.
>>
>> What puzzles me, there are loads of new CA certs in the distribution -
>> if the sites have not discovered that they have not upgraded, does it
>> mean they are not using the new CAs?
>>
>> Anyway, we will investigate...
>>
>> Thanks
>> --jens
>>
>>
>> On 11/04/2012 19:46, Daniela Bauer wrote:
>>> Hi,
>>>
>>> When I've seen that error before, it was the CAs on the user's site
>>> not being up to date.
>>>
>>> Cheers,
>>> Daniela
>>>
>>>
>>> On 11 April 2012 18:28, Andrew Lahiff<[log in to unmask]> wrote:
>>>> Hi,
>>>>
>>>> Does anyone know what this error means:
>>>>
>>>> GSS Minor Status Error Chain:
>>>> globus_gsi_gssapi: SSLv3 handshake problems
>>>> globus_gsi_callback_module: Could not verify credential
>>>> globus_gsi_callback_module: Error with signing policy
>>>> globus_gsi_callback_module: Error in OLD GAA code: CA policy violation:<no
>>>> reason given>
>>>>
>>>> This is what happens when at least one foreign Tier-2 tries to submit an FTS transfer to a FTS web service host at RAL which has a "new" host certificate (i.e. issued by UK e-Science CA 2B).
>>>>
>>>> Thanks,
>>>> Andrew.
>>>
>>>
>>>
|