 |
 |
That sounds right to me as well. The new UK e-Science certificates have been "out" since the 1.39 release (June 2011), and there was a typo fixed in a naming policy file (introduced in 1.41 and fixed in 1.42, both September 2011. And they went "live" in October 2011. And the current release is 1.46. What puzzles me, there are loads of new CA certs in the distribution - if the sites have not discovered that they have not upgraded, does it mean they are not using the new CAs? Anyway, we will investigate... Thanks --jens On 11/04/2012 19:46, Daniela Bauer wrote: > Hi, > > When I've seen that error before, it was the CAs on the user's site > not being up to date. > > Cheers, > Daniela > > > On 11 April 2012 18:28, Andrew Lahiff <[log in to unmask]> wrote: >> Hi, >> >> Does anyone know what this error means: >> >> GSS Minor Status Error Chain: >> globus_gsi_gssapi: SSLv3 handshake problems >> globus_gsi_callback_module: Could not verify credential >> globus_gsi_callback_module: Error with signing policy >> globus_gsi_callback_module: Error in OLD GAA code: CA policy violation: <no >> reason given> >> >> This is what happens when at least one foreign Tier-2 tries to submit an FTS transfer to a FTS web service host at RAL which has a "new" host certificate (i.e. issued by UK e-Science CA 2B). >> >> Thanks, >> Andrew. > > >