Hi All,

The only other InCommon VOMS server certificate I’ve got in my supported VOs is lsst, but that doesn’t expire until August (just about the right time for us to have forgotten about this again). Does anyone else have any in their supported VOs?


openssl s_client -host voms.slac.stanford.edu -port 15003 | openssl x509 -noout -enddate

depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, O = Internet2, OU = InCommon, CN = InCommon IGTF Server CA
verify return:1
depth=0 DC = org, DC = incommon, C = US, ST = CA, L = Stanford, O = Stanford University, OU = SLAC, CN = voms.slac.stanford.edu
verify return:1
140045279451024:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1493:SSL alert number 40
140045279451024:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
notAfter=Aug 20 23:59:59 2020 GMT

Yours,
Chris.


From: Testbed Support for GridPP member institutes <[log in to unmask]> on behalf of Stephen Jones <[log in to unmask]>
Sent: Monday, March 16, 2020 9:23:28 AM
To: [log in to unmask] <[log in to unmask]>
Subject: Re: Wisconsin LZ voms server DN change
 
On 15/03/2020 13:51, Daniela Bauer wrote:
> Wisconsin have turned their voms server off in preparation

That is, from my point of view, the wrong thing to do, since the Ops
Portal (the canonical source of VOMS info) queries each VOMS server for
the DN/CA_DN. By turning the VOMS server off, the ops portal cannot
determine the DN or CA_DN so they go blank.  And, once they are blank,
no-one can update since the values to update to are undefined (unless
they update by hand, as you suggest). And updating by hand is the worst,
most error-prone and inefficient way to update.

OK, it's without doubt a rubbish system that is not thought out, but we've
still got to deal with it.

So this is what I'll do. I'll omit LZ from the query to the Ops Portal,
and insert the LZ record(s) by hand, adjusted as you say, leaving the
Imperial records as they are. It's a PITA but it will work.

I'll let you know.

Cheers,

Ste



--
Steve Jones                             [log in to unmask]
Grid System Administrator               office: 220
High Energy Physics Division            tel (int): 43396
Oliver Lodge Laboratory                 tel (ext): +44 (0)151 794 3396
University of Liverpool                 http://www.liv.ac.uk/physics/hep/
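
An added example, not part of the original messages: the s_client output quoted in this thread already contains the two values discussed here, the server DN (depth=0) and the CA_DN (depth=1), plus the expiry date. This sketch pulls them out in slash-separated form; the function names and the reference date are assumptions, and it expects the "ATTR = value" layout shown in the output above.

```python
import re
from datetime import datetime, timezone

# Output copied from the message above; the parser skips the error lines.
SAMPLE = """\
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = US, O = Internet2, OU = InCommon, CN = InCommon IGTF Server CA
verify return:1
depth=0 DC = org, DC = incommon, C = US, ST = CA, L = Stanford, O = Stanford University, OU = SLAC, CN = voms.slac.stanford.edu
verify return:1
140045279451024:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1493:SSL alert number 40
140045279451024:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
notAfter=Aug 20 23:59:59 2020 GMT
"""

# Split only where ", " is followed by "ATTR = ", so a comma inside a value
# (for example "O = Example, Inc.") does not break the DN apart.
_RDN_SPLIT = re.compile(r", (?=[A-Za-z0-9.]+ = )")

def to_slash_dn(openssl_dn):
    """Convert 'C = US, O = Internet2' to '/C=US/O=Internet2'."""
    rdns = _RDN_SPLIT.split(openssl_dn.strip())
    return "/" + "/".join(rdn.replace(" = ", "=", 1) for rdn in rdns)

def summarize(s_client_text, now):
    """Return (DN, CA_DN, whole days until notAfter) from the combined output."""
    chain, not_after = {}, None
    for line in s_client_text.splitlines():
        m = re.match(r"depth=(\d+) (.+)", line)
        if m:
            chain[int(m.group(1))] = m.group(2)
        elif line.startswith("notAfter="):
            stamp = datetime.strptime(line[len("notAfter="):], "%b %d %H:%M:%S %Y %Z")
            not_after = stamp.replace(tzinfo=timezone.utc)  # openssl prints GMT
    if 0 not in chain or 1 not in chain or not_after is None:
        raise ValueError("need depth=0, depth=1 and notAfter lines")
    return to_slash_dn(chain[0]), to_slash_dn(chain[1]), (not_after - now).days

if __name__ == "__main__":
    # Reference date is an assumption: the date of the quoted message.
    print(summarize(SAMPLE, datetime(2020, 3, 16, tzinfo=timezone.utc)))
```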

########################################################################

To unsubscribe from the TB-SUPPORT list, click the following link:
https://www.jiscmail.ac.uk/cgi-bin/webadmin?SUBED1=TB-SUPPORT&A=1

