Dropping old CA certifiate (no valid certs, valid CRL)
These files should go when you upgrade to 1.52:
/etc/grid-security/certificates/{UKeScienceCA-2007.*,367b75c3.*,53729190.*}
It is most important to get rid of *.pem, *.0, and *.r0
We can watch the CRLs for downloads, see which IP addresses they come from.
The main (small) risk is that sites don't remove it (for some reason)
and get hit by the silly test for "expired" at the end of March (at
23:59:59 UTC).
There are associated changes in UKeScienceRoot-2007.namespaces and
UKeScienceRoot-2007.signing_policy. In addition, we changed the CRL
download point in UKeScienceRoot-2007.crl_url. There is a slight risk
that a bug has slipped through here, despite checking, due to some
undocumented or non-testable "feature" in the code that uses these files.
That's it. Any Qs or Cs?
Cheers
--jens
--
Scanned by iCritical.
