Dropping old CA certifiate (no valid certs, valid CRL) These files should go when you upgrade to 1.52: /etc/grid-security/certificates/{UKeScienceCA-2007.*,367b75c3.*,53729190.*} It is most important to get rid of *.pem, *.0, and *.r0 We can watch the CRLs for downloads, see which IP addresses they come from. The main (small) risk is that sites don't remove it (for some reason) and get hit by the silly test for "expired" at the end of March (at 23:59:59 UTC). There are associated changes in UKeScienceRoot-2007.namespaces and UKeScienceRoot-2007.signing_policy. In addition, we changed the CRL download point in UKeScienceRoot-2007.crl_url. There is a slight risk that a bug has slipped through here, despite checking, due to some undocumented or non-testable "feature" in the code that uses these files. That's it. Any Qs or Cs? Cheers --jens -- Scanned by iCritical.