Curious - I only have 367b75c3.r0
John
On 29/01/2013 12:36, Alessandra Forti wrote:
> I have both
>
> /etc/grid-security/certificates/367b75c3.r0
> /etc/grid-security/certificates/53729190.r0
>
> which should I eliminate and which should I keep?
>
> thanks
>
> cheers
> alessandra
>
> On 29/01/2013 11:54, John Hill wrote:
>> /etc/grid-security/certificates/367b75c3.r0 is also still there after
>> upgrading to 1.52.
>>
>> John
>>
>> On 29/01/2013 11:38, Alessandra Forti wrote:
>>> Hi Jens,
>>>
>>> I've just upgraded and this is what's left behind in the
>>> /etc/grid-security/certificates/ directory
>>>
>>> #> rpm -qa ca-policy-egi-core
>>> ca-policy-egi-core-1.52-1.noarch
>>>
>>> #> ls /etc/grid-security/certificates/UKeScience*2007*
>>> /etc/grid-security/certificates/UKeScienceRoot-2007.crl_url
>>> /etc/grid-security/certificates/UKeScienceRoot-2007.pem
>>> /etc/grid-security/certificates/UKeScienceRoot-2007.info
>>> /etc/grid-security/certificates/UKeScienceRoot-2007.signing_policy
>>> /etc/grid-security/certificates/UKeScienceRoot-2007.namespaces
>>>
>>> cheers
>>> alessandra
>>>
>>>
>>> On 29/01/2013 11:34, Jens Jensen wrote:
>>>> Dropping old CA certifiate (no valid certs, valid CRL)
>>>> These files should go when you upgrade to 1.52:
>>>> /etc/grid-security/certificates/{UKeScienceCA-2007.*,367b75c3.*,53729190.*}
>>>>
>>>>
>>>> It is most important to get rid of *.pem, *.0, and *.r0
>>>>
>>>> We can watch the CRLs for downloads, see which IP addresses they
>>>> come from.
>>>>
>>>> The main (small) risk is that sites don't remove it (for some reason)
>>>> and get hit by the silly test for "expired" at the end of March (at
>>>> 23:59:59 UTC).
>>>>
>>>> There are associated changes in UKeScienceRoot-2007.namespaces and
>>>> UKeScienceRoot-2007.signing_policy. In addition, we changed the CRL
>>>> download point in UKeScienceRoot-2007.crl_url. There is a slight risk
>>>> that a bug has slipped through here, despite checking, due to some
>>>> undocumented or non-testable "feature" in the code that uses these
>>>> files.
>>>>
>>>> That's it. Any Qs or Cs?
>>>>
>>>> Cheers
>>>> --jens
>>>>
>>>
>>>
>>> --
>>> Facts aren't facts if they come from the wrong people. (Paul Krugman)
>>>
>
>
|