I am playing with Yaim at the moment, but could not get very far as it hangs at
Configuring config_crl
netstat shows its connected to remote sites
/usr/bin/wget \
--ca-directory=/etc/grid-security/certificates -q -t3 -T30 -O /tmp/crl-dg.aK7676 \
https://swisssign.net/cgi-bin/authority/crl?into=file&ca=Root
/usr/bin/wget \
--ca-directory=/etc/grid-security/certificates -q -t3 -T30 -O /tmp/crl-dg.se6590
https://swisssign.net/cgi-bin/authority/crl?into=file&ca=Root
/usr/bin/wget \
--ca-directory=/etc/grid-security/certificates -q -t3 -T30 -O /tmp/crl-dg.CA6473 \
https://swisssign.net/cgi-bin/authority/crl?into=file&ca=Bronze
/usr/bin/wget \
--ca-directory=/etc/grid-security/certificates -q -t3 -T30 -O /tmp/crl-dg.lq6447 \
https://swisssign.net/cgi-bin/authority/crl?into=file&ca=Bronze
/usr/bin/wget \
--ca-directory=/etc/grid-security/certificates -q -t3 -T30 -O /tmp/crl-dg.NP9435 \
https://swisssign.net/cgi-bin/authority/crl?into=file&ca=SWITCH
I looked in /proc and found these processes seem to hang around for a while,
Short of skipping CRL installation for a _NON_ production box I found a quick way to remove swisssign.net from the list.
grep swisssign /etc/grid-security/*/* | cut -d: -f1 | xargs rm
and I also had to do this for ca.gridcenter.or.kr
grep ca.gridcenter.or.kr /etc/grid-security/*/* | cut -d: -f1 | xargs rm
This allowed Yaim to proceed unmodified.
Regards
Owen
|