I have both /etc/grid-security/certificates/367b75c3.r0 /etc/grid-security/certificates/53729190.r0 which should I eliminate and which should I keep? thanks cheers alessandra On 29/01/2013 11:54, John Hill wrote: > /etc/grid-security/certificates/367b75c3.r0 is also still there after > upgrading to 1.52. > > John > > On 29/01/2013 11:38, Alessandra Forti wrote: >> Hi Jens, >> >> I've just upgraded and this is what's left behind in the >> /etc/grid-security/certificates/ directory >> >> #> rpm -qa ca-policy-egi-core >> ca-policy-egi-core-1.52-1.noarch >> >> #> ls /etc/grid-security/certificates/UKeScience*2007* >> /etc/grid-security/certificates/UKeScienceRoot-2007.crl_url >> /etc/grid-security/certificates/UKeScienceRoot-2007.pem >> /etc/grid-security/certificates/UKeScienceRoot-2007.info >> /etc/grid-security/certificates/UKeScienceRoot-2007.signing_policy >> /etc/grid-security/certificates/UKeScienceRoot-2007.namespaces >> >> cheers >> alessandra >> >> >> On 29/01/2013 11:34, Jens Jensen wrote: >>> Dropping old CA certifiate (no valid certs, valid CRL) >>> These files should go when you upgrade to 1.52: >>> /etc/grid-security/certificates/{UKeScienceCA-2007.*,367b75c3.*,53729190.*} >>> >>> >>> It is most important to get rid of *.pem, *.0, and *.r0 >>> >>> We can watch the CRLs for downloads, see which IP addresses they >>> come from. >>> >>> The main (small) risk is that sites don't remove it (for some reason) >>> and get hit by the silly test for "expired" at the end of March (at >>> 23:59:59 UTC). >>> >>> There are associated changes in UKeScienceRoot-2007.namespaces and >>> UKeScienceRoot-2007.signing_policy. In addition, we changed the CRL >>> download point in UKeScienceRoot-2007.crl_url. There is a slight risk >>> that a bug has slipped through here, despite checking, due to some >>> undocumented or non-testable "feature" in the code that uses these >>> files. >>> >>> That's it. Any Qs or Cs? >>> >>> Cheers >>> --jens >>> >> >> >> -- >> Facts aren't facts if they come from the wrong people. (Paul Krugman) >> -- Facts aren't facts if they come from the wrong people. (Paul Krugman)