Hi Mark, I thought the CRLs were normally in /etc/grid-security/certificates? Do you have a fetch-crl cron job set up - it sounds as if not? Mine run every 6 hours (on UI, WNs, SE, etc, etc) and the cron job came with the fetch-crl RPM. The recent files on my systems are generally .r0 files, which (I think) are revokation files. Cheers, John On 06/02/2013 15:27, Mark Slater wrote: > Hi John, > > This was indeed the problem - the DOEGrids.pem had expired last month > for us. So the certs are located in > > /etc/grid-security/certificates > > (though I'm unsure what the newly created files in this dir are - > proxies maybe?). Could someone tell me where are the CRLs generally > located? I'm just trying to make sure I know what files (and where) are > important for the UI and should be kept up to date. At least I have a > list of things to check when another odd error comes up! > > Many Thanks and apologies for the n00b questions :) > > Mark > > On 06/02/13 13:57, [log in to unmask] wrote: >> I'm no expert either I'm afraid. >> >> FWIW I have DOEGrids.pem in my /etc/grid-security/certificates >> >> Version: 3 (0x2) >> Serial Number: 71 (0x47) >> Signature Algorithm: sha1WithRSAEncryption >> Issuer: DC=net, DC=ES, O=ESnet, OU=Certificate Authorities, >> CN=ESnet Root CA 1 >> Validity >> Not Before: Dec 5 08:00:00 2002 GMT >> Not After : Jan 25 08:00:00 2018 GMT >> Subject: DC=org, DC=DOEGrids, OU=Certificate Authorities, >> CN=DOEGrids CA 1 >> >> Which doesn't look expired. >> >> I'd try updating the crls as per Daniela email. >> >> John >> >>