Hi Mark, the crls are the *.r0 files in /etc/grid-security/certificates (or if you have a tarball UI, where-ever X509_CERT_DIR points to) There should be a cron job ("fetch-crl") to with it. Cheers, Daniela On 6 February 2013 15:27, Mark Slater <[log in to unmask]> wrote: > Hi John, > > This was indeed the problem - the DOEGrids.pem had expired last month for > us. So the certs are located in > > /etc/grid-security/**certificates > > (though I'm unsure what the newly created files in this dir are - proxies > maybe?). Could someone tell me where are the CRLs generally located? I'm > just trying to make sure I know what files (and where) are important for > the UI and should be kept up to date. At least I have a list of things to > check when another odd error comes up! > > Many Thanks and apologies for the n00b questions :) > > Mark > > On 06/02/13 13:57, [log in to unmask] wrote: > >> I'm no expert either I'm afraid. >> >> FWIW I have DOEGrids.pem in my /etc/grid-security/**certificates >> >> Version: 3 (0x2) >> Serial Number: 71 (0x47) >> Signature Algorithm: sha1WithRSAEncryption >> Issuer: DC=net, DC=ES, O=ESnet, OU=Certificate Authorities, >> CN=ESnet Root CA 1 >> Validity >> Not Before: Dec 5 08:00:00 2002 GMT >> Not After : Jan 25 08:00:00 2018 GMT >> Subject: DC=org, DC=DOEGrids, OU=Certificate Authorities, >> CN=DOEGrids CA 1 >> >> Which doesn't look expired. >> >> I'd try updating the crls as per Daniela email. >> >> John >> >> >> -- Sent from the pit of despair ----------------------------------------------------------- [log in to unmask] HEP Group/Physics Dep Imperial College Tel: +44-(0)20-75947810 http://www.hep.ph.ic.ac.uk/~dbauer/