This problem was also reported by Dimitar at the EMT meeting yesterday. He took it offline with Juha. I put them in Cc for an update on this. yours maria ________________________________ Από: LHC Computer Grid - Rollout εκ μέρους Pierre GIRARD Αποστολή: Πεμ 5/22/2008 6:05 μμ Προς: [log in to unmask] Θέμα: Re: [LCG-ROLLOUT] verify failed for CA certificate issued by 'CERN Trusted Certification Authority (1d879c6c)' Hi Jason, At IN2P3-CC, we had various authentication errors yesterday because of that expired CRL, and oddly at 22:00, new CRL update fixed the problem. Today, at 16:00, the problem came back. I sent a mail to cern-ca-managers to inform them of that. Hope that helps. Pierre Jason Shih a ecrit : > Dear all, > > > while checking one of the SE (classic) that have fail with SAM SRM testing > since '22-May-2008 10:07:50', i found that crl fetch from ca_CERN-TCA crl > url fail to pass verification process and the expiration date shift back > to May 1st: > > -- > # ls > 1d879c6c.0 1d879c6c.crl_url 1d879c6c.info 1d879c6c.r0 > 1d879c6c.signing_policy fetch-crl fetch-crl.sh > > # rm *.r0 > rm: remove regular file `1d879c6c.r0'? y > [root@dpm01 j]# ./fetch-crl --loc . -out . --no-check-certificate > fetch-crl: [2008/05/22-14:43:01] Using OpenSSL version OpenSSL 0.9.7a Feb 19 2003 at /usr/bin/openssl > fetch-crl: [2008/05/22-14:43:01] processing './1d879c6c.crl_url' > fetch-crl: [2008/05/22-14:43:02] updating CRL 'CERN Trusted Certification Authority (1d879c6c)' > fetch-crl: [2008/05/22-14:43:02] verify failed for CA certificate issued by 'CERN Trusted Certification Authority (1d879c6c)' (/DC=ch/DC=cern/CN=CERN 20) > > # grep Update *r0 > Last Update: Apr 29 14:56:31 2008 GMT > Next Update: May 1 15:16:31 2008 GMT > > > > while the other crl available at the other grid server nodes yet have been > updated and did have the correcr end time comparing with current trial. > any idea? > > Br, > J > > -- ______________________ Pierre GIRARD French ROC deputy (EGEE/LCG) Grid Computing Team Member IN2P3/CNRS Computing Centre - Lyon (FRANCE) e-mail: [log in to unmask] Tel. +33 4.72.69.52.89 http://cc.in2p3.fr <http://cc.in2p3.fr/> CCIN2P3 Tel. +33 4.78.93.08.80 | CCIN2P3 Fax. +33 4.72.69.41.70