Hi All,

The only other InCommon VOMS server certificate I’ve got in my supported VOs is lsst, but that doesn’t expire until August (just about the right time for us to have forgotten about this again). Does anyone else have any in their supported VOs?

openssl s_client -host voms.slac.stanford.edu -port 15003 | openssl x509 -noout -enddate
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, O = Internet2, OU = InCommon, CN = InCommon IGTF Server CA
verify return:1
depth=0 DC = org, DC = incommon, C = US, ST = CA, L = Stanford, O = Stanford University, OU = SLAC, CN = voms.slac.stanford.edu
verify return:1
140045279451024:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1493:SSL alert number 40
140045279451024:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
notAfter=Aug 20 23:59:59 2020 GMT

Yours,
Chris.

________________________________
From: Testbed Support for GridPP member institutes <[log in to unmask]> on behalf of Stephen Jones <[log in to unmask]>
Sent: Monday, March 16, 2020 9:23:28 AM
To: [log in to unmask] <[log in to unmask]>
Subject: Re: Wisconsin LZ voms server DN change

On 15/03/2020 13:51, Daniela Bauer wrote:
> Wisconsin have turned their voms server off in preparation

That is, from my point of view, the wrong thing to do, since the Ops Portal (the canonical source of VOMS info) queries each VOMS server for the DN/CA_DN. By turning the VOMS server off, the ops portal cannot determine the DN or CA_DN so they go blank. And, once they are blank, no-one can update since the values to update to are undefined (unless they update by hand, as you suggest.) And updating by hand is the worst, most error prone and inefficient way to update. OK, it's without doubt a rubbish system that is unthoughtout, but we still got to deal with it. So this is what I'll do.
I'll omit LZ from the query to the Ops Portal, and insert the LZ record(s) by hand, adjusted as you say, leaving the Imperial records as they are. It's a PITA but it will work. I'll let you know.

Cheers,

Ste

--
Steve Jones                        [log in to unmask]
Grid System Administrator          office: 220
High Energy Physics Division       tel (int): 43396
Oliver Lodge Laboratory            tel (ext): +44 (0)151 794 3396
University of Liverpool            http://www.liv.ac.uk/physics/hep/

########################################################################

To unsubscribe from the TB-SUPPORT list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1
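
Added example, not part of the original thread and not the Ops Portal's code: a small parser for the openssl output shown above that recovers the server DN, the CA DN and the days left before expiry, and returns nothing when the server gave no certificate (the "blank" case described in the thread). The function names are hypothetical, the sample text is constructed from the output in the thread, and the DNs are emitted in the slash-separated form commonly used for grid DNs.

```python
import re
from datetime import datetime, timezone

# Constructed sample, trimmed from the s_client output quoted in the thread.
SAMPLE = """\
depth=1 C = US, O = Internet2, OU = InCommon, CN = InCommon IGTF Server CA
verify return:1
depth=0 DC = org, DC = incommon, C = US, ST = CA, L = Stanford, O = Stanford University, OU = SLAC, CN = voms.slac.stanford.edu
verify return:1
140045279451024:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1493:SSL alert number 40
notAfter=Aug 20 23:59:59 2020 GMT
"""

_DEPTH = re.compile(r"^depth=(\d+) (.+)$", re.M)
# Split only on ", " that is followed by "KEY = ", so a comma inside a
# value (e.g. "O = Example, Inc.") does not break the DN apart.
_RDN_SPLIT = re.compile(r", (?=[A-Za-z][A-Za-z0-9.]* = )")
_NOT_AFTER = re.compile(r"^notAfter=(.+) GMT$", re.M)


def to_oneline(dn):
    """'C = US, O = X, CN = y' -> '/C=US/O=X/CN=y'."""
    parts = _RDN_SPLIT.split(dn.strip())
    return "".join("/" + p.replace(" = ", "=", 1) for p in parts)


def parse_voms_probe(text, now):
    """Return dn, ca_dn, not_after and days_left, or None if incomplete.

    depth=0 is the server certificate and depth=1 its issuing CA. A server
    that is switched off yields neither, so None is returned and a caller
    can keep its last known values instead of overwriting them with blanks.
    """
    chain = {int(d): to_oneline(dn) for d, dn in _DEPTH.findall(text)}
    m = _NOT_AFTER.search(text)
    if 0 not in chain or 1 not in chain or m is None:
        return None
    not_after = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
    not_after = not_after.replace(tzinfo=timezone.utc)
    return {"dn": chain[0], "ca_dn": chain[1], "not_after": not_after,
            "days_left": (not_after - now).days}


if __name__ == "__main__":
    # Date of the quoted message, used as "now" for the constructed sample.
    print(parse_voms_probe(SAMPLE, datetime(2020, 3, 16, tzinfo=timezone.utc)))
```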