Hello John
I'm dealing with this stuff today.
I found in email excange:
> Are there any files like 367b75c3.* or 53729190.* ?
>
> The ones below are Root ones not 2007 CA so they are expected to be there
and
I don't see any point in keeping either of the .r0 files for the old UK eScience CA.
Before removing them you can see/check what they are by something like the following: .....
Should 367b75c3.* or 53729190.* be deleted?
Thanks
Elena
On 29 Jan 2013, at 12:36, John Kewley wrote:
> Are there any files like 367b75c3.* or 53729190.* ?
>
> The ones below are Root ones not 2007 CA so they are expected to be there
>
> JK
>
> From: Testbed Support for GridPP member institutes [mailto:[log in to unmask]] On Behalf Of Alessandra Forti
> Sent: Tuesday, January 29, 2013 11:39 AM
> To: [log in to unmask]
> Subject: Re: Changes in IGTF 1.52
>
> Hi Jens,
>
> I've just upgraded and this is what's left behind in the /etc/grid-security/certificates/ directory
>
> #> rpm -qa ca-policy-egi-core
> ca-policy-egi-core-1.52-1.noarch
>
> #> ls /etc/grid-security/certificates/UKeScience*2007*
> /etc/grid-security/certificates/UKeScienceRoot-2007.crl_url /etc/grid-security/certificates/UKeScienceRoot-2007.pem
> /etc/grid-security/certificates/UKeScienceRoot-2007.info /etc/grid-security/certificates/UKeScienceRoot-2007.signing_policy
> /etc/grid-security/certificates/UKeScienceRoot-2007.namespaces
>
> cheers
> alessandra
>
>
> On 29/01/2013 11:34, Jens Jensen wrote:
> Dropping old CA certifiate (no valid certs, valid CRL)
> These files should go when you upgrade to 1.52:
> /etc/grid-security/certificates/{UKeScienceCA-2007.*,367b75c3.*,53729190.*}
>
> It is most important to get rid of *.pem, *.0, and *.r0
>
> We can watch the CRLs for downloads, see which IP addresses they come from.
>
> The main (small) risk is that sites don't remove it (for some reason)
> and get hit by the silly test for "expired" at the end of March (at
> 23:59:59 UTC).
>
> There are associated changes in UKeScienceRoot-2007.namespaces and
> UKeScienceRoot-2007.signing_policy. In addition, we changed the CRL
> download point in UKeScienceRoot-2007.crl_url. There is a slight risk
> that a bug has slipped through here, despite checking, due to some
> undocumented or non-testable "feature" in the code that uses these files.
>
> That's it. Any Qs or Cs?
>
> Cheers
> --jens
>
>
>
>
> --
> Facts aren't facts if they come from the wrong people. (Paul Krugman)
> --
> Scanned by iCritical.
__________________________________________________
Dr Elena Korolkova
Email: [log in to unmask]
Tel.: +44 (0)114 2223553
Fax: +44 (0)114 2223555
Department of Physics and Astronomy
University of Sheffield
Sheffield, S3 7RH, United Kingdom
|