This is a long standing issue. The gridpp wiki pages we wrote for the
first rollover are dated October 2006. we need to put the right version
of VOMS server. This unfortunately hasn't happened yet.
cheers
alessandra
Jensen, J (Jens) wrote:
> I would ticket the VOMS admins - checking the issuer DN is evil and
> wrong (in this context).
>
> -j
>
> Ma, M (Mingchao) wrote:
>
>> Hi David,
>>
>> You need to re-register with gridpp vo since your new certificate has
>> different issuer's DN, which is used by the VOMS server to identity you.
>> And you might find that you can initialising a proxy with some other VOs
>> if you are the member. It is because of the different configuration of
>> VOMS server (nothing wrong with your certificate). Some VOMS servers
>> identity users by user's DN only, others by combination of user's DN
>> and issuer's DN. In your case, your DN remains the same but the issuer's
>> DN has been changed.
>>
>> Cheers,
>>
>> Mingchao
>>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes
>> [mailto:[log in to unmask]] On Behalf Of David Ambrose-Griffith
>> Sent: 25 July 2008 15:51
>> To: [log in to unmask]
>> Subject: Re: Finalising UK CA rollover
>>
>> Jensen, J (Jens) wrote:
>>
>>> David Ambrose-Griffith wrote:
>>>
>>>
>>>> Hmmn, at the moment Durham's SE has a certificate signed by the old
>>>> root CA, but we didn't get the rollover email for it, and with the
>>>> CRL now expired, we're failing tests.
>>>>
>>>> Our local RA Operator will be revoking and re-issuing the certificate
>>>>
>>>> this afternoon, but the lack of rollover email is a bit concerning.
>>>>
>>>>
>>> Hi David,
>>>
>>> The certificate is sorted, but the other certificate should have been
>>> re-signed and mailed to Phil who was in the database as contact. It
>>> does look like it wasn't, I'm investigating. Sorry about that.
>>>
>>> --jens
>>>
>>>
>> Cheers for that, we've just installed the newly re-issued certificate.
>>
>> It looks like Durham are not alone in having host certificates get
>> invalidated
>>
>> Is anyone else having problems with initialising a proxy? Neither myself
>> nor Phil can get voms.gridpp.ac.uk to acknowledge our membership of
>> pheno, and as such we're unable to test much.
>>
>> --
>> David Ambrose-Griffith - [log in to unmask]
>>
>> IPPP, Department of Physics, Durham University, Science Laboratories,
>> South Road, Durham, DH1 3LE Direct Dial: +44 (0)191 3343704
>> Office: +44 (0)191 334 3811
>>
--
Well you'll still need a tray
|