JISCMail - TB-SUPPORT Archives

I have both

/etc/grid-security/certificates/367b75c3.r0 
/etc/grid-security/certificates/53729190.r0

which should I eliminate and which should I keep?

thanks

cheers
alessandra

On 29/01/2013 11:54, John Hill wrote:
> /etc/grid-security/certificates/367b75c3.r0 is also still there after 
> upgrading to 1.52.
>
> John
>
> On 29/01/2013 11:38, Alessandra Forti wrote:
>> Hi Jens,
>>
>> I've just upgraded and this is what's left behind in the
>> /etc/grid-security/certificates/ directory
>>
>> #> rpm -qa ca-policy-egi-core
>> ca-policy-egi-core-1.52-1.noarch
>>
>> #> ls /etc/grid-security/certificates/UKeScience*2007*
>> /etc/grid-security/certificates/UKeScienceRoot-2007.crl_url
>> /etc/grid-security/certificates/UKeScienceRoot-2007.pem
>> /etc/grid-security/certificates/UKeScienceRoot-2007.info
>> /etc/grid-security/certificates/UKeScienceRoot-2007.signing_policy
>> /etc/grid-security/certificates/UKeScienceRoot-2007.namespaces
>>
>> cheers
>> alessandra
>>
>>
>> On 29/01/2013 11:34, Jens Jensen wrote:
>>> Dropping old CA certifiate (no valid certs, valid CRL)
>>> These files should go when you upgrade to 1.52:
>>> /etc/grid-security/certificates/{UKeScienceCA-2007.*,367b75c3.*,53729190.*} 
>>>
>>>
>>> It is most important to get rid of *.pem, *.0, and *.r0
>>>
>>> We can watch the CRLs for downloads, see which IP addresses they 
>>> come from.
>>>
>>> The main (small) risk is that sites don't remove it (for some reason)
>>> and get hit by the silly test for "expired" at the end of March (at
>>> 23:59:59 UTC).
>>>
>>> There are associated changes in UKeScienceRoot-2007.namespaces and
>>> UKeScienceRoot-2007.signing_policy. In addition, we changed the CRL
>>> download point in UKeScienceRoot-2007.crl_url. There is a slight risk
>>> that a bug has slipped through here, despite checking, due to some
>>> undocumented or non-testable "feature" in the code that uses these 
>>> files.
>>>
>>> That's it.  Any Qs or Cs?
>>>
>>> Cheers
>>> --jens
>>>
>>
>>
>> -- 
>> Facts aren't facts if they come from the wrong people. (Paul Krugman)
>>


-- 
Facts aren't facts if they come from the wrong people. (Paul Krugman)