Hi Mark,
I thought the CRLs were normally in /etc/grid-security/certificates?
Do you have a fetch-crl cron job set up - it sounds as if not? Mine run
every 6 hours (on UI, WNs, SE, etc, etc) and the cron job came with the
fetch-crl RPM. The recent files on my systems are generally .r0 files,
which (I think) are revokation files.
Cheers,
John
On 06/02/2013 15:27, Mark Slater wrote:
> Hi John,
>
> This was indeed the problem - the DOEGrids.pem had expired last month
> for us. So the certs are located in
>
> /etc/grid-security/certificates
>
> (though I'm unsure what the newly created files in this dir are -
> proxies maybe?). Could someone tell me where are the CRLs generally
> located? I'm just trying to make sure I know what files (and where) are
> important for the UI and should be kept up to date. At least I have a
> list of things to check when another odd error comes up!
>
> Many Thanks and apologies for the n00b questions :)
>
> Mark
>
> On 06/02/13 13:57, [log in to unmask] wrote:
>> I'm no expert either I'm afraid.
>>
>> FWIW I have DOEGrids.pem in my /etc/grid-security/certificates
>>
>> Version: 3 (0x2)
>> Serial Number: 71 (0x47)
>> Signature Algorithm: sha1WithRSAEncryption
>> Issuer: DC=net, DC=ES, O=ESnet, OU=Certificate Authorities,
>> CN=ESnet Root CA 1
>> Validity
>> Not Before: Dec 5 08:00:00 2002 GMT
>> Not After : Jan 25 08:00:00 2018 GMT
>> Subject: DC=org, DC=DOEGrids, OU=Certificate Authorities,
>> CN=DOEGrids CA 1
>>
>> Which doesn't look expired.
>>
>> I'd try updating the crls as per Daniela email.
>>
>> John
>>
>>
