For the CERN and dteam VOMS, everyone with a valid UK old cert had the new one added.
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Christopher J.Walker
> Sent: 22 March 2012 12:39
> To: [log in to unmask]
> Subject: Re: Update on the CERN VOMS problem
> On 14/12/11 14:50, Steve Traylen wrote:
> > On Dec 14, 2011, at 3:37 PM, John Gordon wrote:
> >> Steve, are you also adding the entries for people who haven't yet
> renewed their certs?
> > Yes.
> > To be precise it's the people in the DB with a "CN=UK e-Science CA"
> who have not already added their 2B selves
> > already. The other dates such as the AUP signing date (valid for one
> year) are associated with the user rather
> > than the individual CA identity.
> > So e.g if their "UK e-Science CA" is suspended because they have not
> signed the AUP recently enough then
> > there "2B" will be in the same state. They can use either identity
> now to sign the AUP at any point which will be on
> > both of themselves.
> > Members can at their leisure switch their primary certificate to be
> "2B" and delete their old selves but other than for
> > the purposes of removing junk this is irrelevant if their old selves
> > Maybe that makes sense.
> I've just hit what sounds like the same problem with the gridpp voms
> I now have a 2B certificate.
> voms-proxy-init --voms snoplus.snolab.ca works fine.
> If I look at:
> There are things I can't see, and if I try to remove the pilot role
> myself, I have Insufficient privileges.
> I can however see that the privileges were granted with the old CA.
> Is there something that can/should be done to the VOMS server -
> presumably I won't be the only one hitting this.