JISCMail - LCG-ROLLOUT Archives

This problem was also reported by Dimitar at the EMT meeting yesterday.
He took it offline with Juha. 
I put them in Cc for an update on this.
yours
maria

________________________________

Από: LHC Computer Grid - Rollout εκ μέρους Pierre GIRARD
Αποστολή: Πεμ 5/22/2008 6:05 μμ
Προς: [log in to unmask]
Θέμα: Re: [LCG-ROLLOUT] verify failed for CA certificate issued by 'CERN Trusted Certification Authority (1d879c6c)'



Hi Jason,

At IN2P3-CC, we had various authentication errors yesterday because of
that expired CRL, and oddly at 22:00, new CRL update fixed the problem.
Today, at 16:00, the problem came back.

I sent a mail to cern-ca-managers to inform them of that.

Hope that helps.

Pierre

Jason Shih a ecrit :
> Dear all,
>
>
> while checking one of the SE (classic) that have fail with SAM SRM testing
> since '22-May-2008 10:07:50', i found that crl fetch from ca_CERN-TCA crl
> url fail to pass verification process and the expiration date shift back
> to May 1st:
>
> --
> # ls
> 1d879c6c.0  1d879c6c.crl_url  1d879c6c.info  1d879c6c.r0 
> 1d879c6c.signing_policy  fetch-crl  fetch-crl.sh
>
> # rm *.r0
> rm: remove regular file `1d879c6c.r0'? y
> [root@dpm01 j]# ./fetch-crl --loc . -out . --no-check-certificate
> fetch-crl: [2008/05/22-14:43:01] Using OpenSSL version OpenSSL 0.9.7a Feb 19 2003 at /usr/bin/openssl
> fetch-crl: [2008/05/22-14:43:01] processing './1d879c6c.crl_url'
> fetch-crl: [2008/05/22-14:43:02] updating CRL 'CERN Trusted Certification Authority (1d879c6c)'
> fetch-crl: [2008/05/22-14:43:02] verify failed for CA certificate issued by 'CERN Trusted Certification Authority (1d879c6c)' (/DC=ch/DC=cern/CN=CERN 20)
>
> # grep Update *r0
>         Last Update: Apr 29 14:56:31 2008 GMT
>         Next Update: May  1 15:16:31 2008 GMT
>
>
>
> while the other crl available at the other grid server nodes yet have been
> updated and did have the correcr end time comparing with current trial.
> any idea?
>
> Br,
> J
>
>  


--
______________________
Pierre GIRARD
French ROC deputy (EGEE/LCG)
Grid Computing Team Member
IN2P3/CNRS Computing Centre - Lyon (FRANCE)
e-mail: [log in to unmask]
Tel. +33 4.72.69.52.89
http://cc.in2p3.fr <http://cc.in2p3.fr/> 
CCIN2P3 Tel. +33 4.78.93.08.80 | CCIN2P3 Fax. +33 4.72.69.41.70