 |
 |
Hi Mark, this is an old EGEE script but it still works to check CRLs and certifiactes. If you run it as root it will check the host, if you run it as a plain user it checks the user certificate. http://www.sysadmin.hep.ac.uk/svn/fabric-management/certificates/x509/check-node cheers alessandra On 06/02/2013 15:27, Mark Slater wrote: > Hi John, > > This was indeed the problem - the DOEGrids.pem had expired last month > for us. So the certs are located in > > /etc/grid-security/certificates > > (though I'm unsure what the newly created files in this dir are - > proxies maybe?). Could someone tell me where are the CRLs generally > located? I'm just trying to make sure I know what files (and where) > are important for the UI and should be kept up to date. At least I > have a list of things to check when another odd error comes up! > > Many Thanks and apologies for the n00b questions :) > > Mark > > On 06/02/13 13:57, [log in to unmask] wrote: >> I'm no expert either I'm afraid. >> >> FWIW I have DOEGrids.pem in my /etc/grid-security/certificates >> >> Version: 3 (0x2) >> Serial Number: 71 (0x47) >> Signature Algorithm: sha1WithRSAEncryption >> Issuer: DC=net, DC=ES, O=ESnet, OU=Certificate Authorities, >> CN=ESnet Root CA 1 >> Validity >> Not Before: Dec 5 08:00:00 2002 GMT >> Not After : Jan 25 08:00:00 2018 GMT >> Subject: DC=org, DC=DOEGrids, OU=Certificate Authorities, >> CN=DOEGrids CA 1 >> >> Which doesn't look expired. >> >> I'd try updating the crls as per Daniela email. >> >> John >> >> -- Facts aren't facts if they come from the wrong people. (Paul Krugman)