 |
 |
Hi Santanu, Santanu Das wrote: > [farm030] /home/dteam005 > globus-url-copy file:/etc/group > gsiftp://serv03.hep.phy.cam.ac.uk/tmp/test.$$ > error: globus_l_ftp_control_send_cmd_cb: gss_init_sec_context failed > ... > globus_gsi_callback.c:769: globus_i_gsi_callback_check_revoked: Invalid > CRL: The available CRL has expired Assuming that you run from a UI in Cambridge, the only certificates that get used in this process are the ones from UKeScience. Since (currently) all CRLs are up to date this could have been a local update problem. Anyway, it is likely not related to the errors from SwissSign. There seems to be a ongoing problem that the SwissSign web servers get overloaded by our CRL requests. This has been reported to SwissSign and the SWITCH CA and is currently being investigated. (even with only 40 concurrent downloads, about 40% of the CRL requests result in a 500-server error or, apparently, a corrupted CRL). Cheers, DavidG. > Running cron job by hand on CE reports: > > [root@serv03 root]# /opt/edg/etc/cron/edg-fetch-crl-cron > edg-fetch-crl: [2005/05/23-00:14:19] verify failed for CRL issued by > '/CN=SWITCH' (verify failure) > > but all my nodes got 0.29-1 CA rpms installed > > [root@serv03 root]# rpm -qa | grep ca_SWITCH > ca_SWITCH-0.29-1 > > and also synchronized with the time server. Any clue from anybody what's > wrong with swisssign? Can any one please help?? > > Thanks, > Santanu > > > > > On May 19, 2005, at 3:43 PM, Fokke Dijkstra wrote: > > There is no upgrade for ca_DOESG-Root-0.28-1. Should it be removed? > > Kind regards, > > Fokke Dijkstra >