Hi Mark,
the crls are the *.r0 files in /etc/grid-security/certificates (or if you
have a tarball UI, where-ever X509_CERT_DIR points to)
There should be a cron job ("fetch-crl") to with it.
Cheers,
Daniela
On 6 February 2013 15:27, Mark Slater <[log in to unmask]> wrote:
> Hi John,
>
> This was indeed the problem - the DOEGrids.pem had expired last month for
> us. So the certs are located in
>
> /etc/grid-security/**certificates
>
> (though I'm unsure what the newly created files in this dir are - proxies
> maybe?). Could someone tell me where are the CRLs generally located? I'm
> just trying to make sure I know what files (and where) are important for
> the UI and should be kept up to date. At least I have a list of things to
> check when another odd error comes up!
>
> Many Thanks and apologies for the n00b questions :)
>
> Mark
>
> On 06/02/13 13:57, [log in to unmask] wrote:
>
>> I'm no expert either I'm afraid.
>>
>> FWIW I have DOEGrids.pem in my /etc/grid-security/**certificates
>>
>> Version: 3 (0x2)
>> Serial Number: 71 (0x47)
>> Signature Algorithm: sha1WithRSAEncryption
>> Issuer: DC=net, DC=ES, O=ESnet, OU=Certificate Authorities,
>> CN=ESnet Root CA 1
>> Validity
>> Not Before: Dec 5 08:00:00 2002 GMT
>> Not After : Jan 25 08:00:00 2018 GMT
>> Subject: DC=org, DC=DOEGrids, OU=Certificate Authorities,
>> CN=DOEGrids CA 1
>>
>> Which doesn't look expired.
>>
>> I'd try updating the crls as per Daniela email.
>>
>> John
>>
>>
>>
--
Sent from the pit of despair
-----------------------------------------------------------
[log in to unmask]
HEP Group/Physics Dep
Imperial College
Tel: +44-(0)20-75947810
http://www.hep.ph.ic.ac.uk/~dbauer/
