I think this affects any VOMS where the 2B certificate DNs were added manually and the old certificate was not simply replaced during a VO membership renewal. The timing seems a bit odd though and I thought the old CA was to be extended until March 2013.
Jeremy
On 30 Oct 2012, at 14:35, John Gordon wrote:
> The discussion seems to have been around atlas. I just got a mail from the GRNET which supports dteam with the same message.
>
> John
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of Steve Lloyd
>> Sent: 30 October 2012 14:25
>> To: [log in to unmask]
>> Subject: Re: My certificate status has set as expired by atlas
>>
>> Hi,
>> As far as I can see my current certificate is OK and therefore this
>> must be about my previous one that expired in June. Doesn't VOMRS know
>> that a certificate has expired already and if so it doesn't need to
>> send misleading emails about it.
>> Cheers Steve
>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> + Steve Lloyd                    Queen Mary, University of London        +
>> + E-mail: [log in to unmask]     School of Physics and Astronomy         +
>> + Phone: +44-(0)207-882-6967     Mile End Road                           +
>> + Fax: +44-(0)207-882-7033       London E1 4NS, UK                       +
>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>>
>>
>> On 30 Oct 2012, at 12:56, Steve Traylen wrote:
>>
>>> On Oct 30, 2012, at 1:51 PM, Alessandra Forti wrote:
>>>
>>>> I was unaware as you are, I checked my certificate in vomrs made sure it was primary and tested with voms-proxy-init.
>>>>
>>>> I agree this is one of those alerts that can be avoided.
>>>>
>>>
>>> How exactly? As far as VOMRS was aware anyone arriving up to yesterday or whenever it was
>>> with a (DN, old UK CA) combination would have been accepted. If this in turn was the only identity
>>> they had then we needed to tell them.
>>>
>>> (Okay it may have been impossible to get an old UK signature in the
>>> last year but we don't know that.)
>>>
>>> Don't see the problem. A perfectly valid identity was just blocked so we told you.
>>>
>>>
>>>> cheers
>>>> alessandra
>>>>
>>>> On 30/10/2012 12:43, Wahid Bhimji wrote:
>>>>>
>>>>> yes - we have had several "users" at Edinburgh asking questions (including ourselves).
>>>>>
>>>>> It would have been better if the message was a bit clearer on what
>>>>> was happening (or indeed not email at all !)
>>>>>
>>>>>
>>>>> On 30 Oct 2012, at 12:34, Alessandra Forti <[log in to unmask]> wrote:
>>>>>
>>>>>> All the atlas UK users have received it - Alessandro will have a field day answering everyone. It's the old CA expiring. You should have a certificate with "CA 2B" in the VOMRS.
>>>>>>
>>>>>> You can check it here
>>>>>>
>>>>>> https://lcg-voms.cern.ch:8443/vo/atlas/vomrs?path=/RootNode/MemberAction/MemberDNs&action=execute
>>>>>>
>>>>>> cheers
>>>>>> alessandra
>>>>>>
>>>>>> On 30/10/2012 12:20, Elena Korolkova wrote:
>>>>>>> Hello
>>>>>>>
>>>>>>> I've got email from atlas (I'll contact atlas later) that my certificate is changed to expired.
>>>>>>>> Certificate signed by /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA is not longer valid.
>>>>>>>>
>>>>>>> The certificate itself is valid until 05.01.2013.
>>>>>>>
>>>>>>> Any idea why?
>>>>>>>
>>>>>>> Many thanks
>>>>>>> Elena
>>>>>>>
>>>>>>>
>>>>>>> Begin forwarded message:
>>>>>>>
>>>>>>>> From: <[log in to unmask]>
>>>>>>>> Date: 30 October 2012 09:08:58 GMT
>>>>>>>> To: <[log in to unmask]>
>>>>>>>> Subject: Automatic Notification from atlas VOMRS: Your certificate status has changed
>>>>>>>>
>>>>>>>> Dear VO Member,
>>>>>>>> The status of your certificate
>>>>>>>> DN: /C=UK/O=eScience/OU=Sheffield/L=CICS/CN=elena korolkova
>>>>>>>> CA: /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
>>>>>>>> has been changed from Approved to Expired due to following reason: Certificate signed by /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA is not longer valid.
>>>>>>>> The change was made by a VOMRS CA Validation Processor
>>>>>>>> DN: /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
>>>>>>>> CA: /DC=ch/DC=cern/CN=CERN Trusted Certification Authority
>>>>>>>> Please contact VO administrator if you have any questions.
>>>>>>>>
>>>>>>>> VOMRS atlas Service
>>>>>>>>
>>>>>>>
>>>>>>> __________________________________________________
>>>>>>> Dr Elena Korolkova
>>>>>>> Email: [log in to unmask]
>>>>>>> Tel.: +44 (0)114 2223553
>>>>>>> Fax: +44 (0)114 2223555
>>>>>>> Department of Physics and Astronomy University of Sheffield
>>>>>>> Sheffield, S3 7RH, United Kingdom
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Facts aren't facts if they come from the wrong people. (Paul
>>>>>> Krugman)
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> The University of Edinburgh is a charitable body, registered in
>>>>> Scotland, with registration number SC005336.
>>>>>
>>>>
>>>>
>>>> --
>>>> Facts aren't facts if they come from the wrong people. (Paul Krugman)
>>>>