Hi JJK,
Here are snapshots of two attempts for upgrading CRLs. But both are not updating 367b75c3.r0 and d254cc30.r0 files. 2nd one file is ok, as its Next Update is Mar 4 19:36:11 2009 GMT. But what should I do for 367b75c3.r0?
[root@ce certificates]# /opt/glite/libexec/fetch-crl.sh|grep "uk"
fetch-crl[9650]: 20080923T173217+0600 RetrieveFileByURL: download no data from http://www.romaniangrid.ro/crl/crl-v2.der
fetch-crl[9650]: 20080923T173217+0600 Attempt to install 2418a3f3.r0 failed since the current CRL is more recent than the one that was downloaded.
=====>>>>/usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.n11158 http://ca.grid-support.ac.uk/pub/crl/ca-crl.der\n
fetch-crl[9650]: 20080923T173237+0600 verify failed for CRL issued by 'UK e-Science CA (367b75c3)' (Error getting CRL issuer certificate)
=====>>>>/usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.s12178 http://ca.grid-support.ac.uk/pub/crl/root-crl.der\n
fetch-crl[9650]: 20080923T173504+0600 RetrieveFileByURL: download no data from http://www.gridcanada.ca/ca/bffbd7d0.r0
fetch-crl[9650]: 20080923T173706+0600 RetrieveFileByURL: download no data from http://ca.cern.ch/ca/CRL/CERN%20Root%20CA.crl
fetch-crl[9650]: 20080923T173706+0600 Persistent errors (9 hours) for d254cc30:
fetch-crl[9650]: 20080923T173706+0600 Could not download any CRL from /etc/grid-security/certificates//d254cc30.crl_url:
fetch-crl[9650]: 20080923T173706+0600 download failed from 'http://ca.cern.ch/ca/CRL/CERN%20Root%20CA.crl'
fetch-crl[9650]: 20080923T173706+0600 download for http://ca.cern.ch/ca/CRL/CERN%20Root%20CA.crl is not valid and none of the URLs in '/etc/grid-security/certificates//d254cc30.crl_url' is operational
[root@ce certificates]# /usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.n11158 http://ca.grid-support.ac.uk/pub/crl/ca-crl.der
[root@ce certificates]# ll 367b75c3.*
-rw-r--r-- 1 root root 48 Sep 23 09:40 367b75c3.crl_url
-rw-r--r-- 1 root root 441 Sep 23 09:40 367b75c3.info
-rw-r--r-- 1 root root 123930 Sep 23 17:16 367b75c3.r0
-rw-r--r-- 1 root root 238 Sep 23 09:40 367b75c3.signing_policy
[root@ce certificates]# /usr/bin/wget --no-cache --no-check-certificate -q -t 3 -T 30 -O /tmp/crl-dg.s12178 http://ca.grid-support.ac.uk/pub/crl/root-crl.der
[root@ce certificates]# ll d254cc30*
-rw-r--r-- 1 root root 1350 Jul 29 21:04 d254cc30.0
-rw-r--r-- 1 root root 46 Jul 29 21:04 d254cc30.crl_url
-rw-r--r-- 1 root root 334 Jul 29 21:04 d254cc30.info
-rw-r--r-- 1 root root 566 Jul 29 21:04 d254cc30.namespaces
-rw-r--r-- 1 root root 2813 Sep 23 07:54 d254cc30.r0
-rw-r--r-- 1 root root 284 Jul 29 21:04 d254cc30.signing_policy
[root@ce certificates]# grep Update 367b75c3.r0
Last Update: Aug 13 15:41:37 2008 GMT
Next Update: Sep 12 15:41:37 2008 GMT
[root@ce certificates]# grep Update d254cc30.r0
Last Update: Sep 5 07:16:11 2008 GMT
Next Update: Mar 4 19:36:11 2009 GMT
Cheers,
Asif Osman
________________________________
From: LHC Computer Grid - Rollout on behalf of Jan Just Keijser
Sent: Tue 9/23/2008 1:06 PM
To: [log in to unmask]
Subject: Re: [LCG-ROLLOUT] SSL negotiation failed
Hi Asif,
Asif Osman wrote:
>
> [root@ce scripts]# rpm -qf /opt/edg/sbin/edg-mkgridmap
> edg-mkgridmap-3.0.0-1
>
> After now gridmap is working w/o any problem. But I used voms-proxy-init before running it.
> But the second part of the problem, i.e., fetch crl is not updating /etc/grid-security/certificates/367b75c3.r0 file despite running fetch-crl script several time.
>
this seems to be networking issue at your site... I can do a
wget http://ca.grid-support.ac.uk/pub/crl/ca-crl.der
just fine over here at the conference in Istanbul. Note that there is no
'\n' at the end of the wget !!
can you try the wget again?
also, back at Nikhef the file 367b75c3.r0 was updated this morning at
09:26 without any glitches.
cheers,
JJK / Jan Just Keijser
Nikhef Amsterdam
|