None of our host certificates have the "host/".
John
On 06/11/2012 10:46, Wahid Bhimji wrote:
> Hi
>
> So when I tried to use the "Cert wizard" to renew my disk server
> certificates I hit an error apparatnly due to the "host/"
> Does anyone know if that is in fact needed or it is ok to use a cert
> without that bit?
>
> The salient parts of my discussionwith the helpdesk are below.
>
> Wahid
>
> Begin forwarded message:
>
>> *From: *UK Grid Operations Support Centre <[log in to unmask]
>> <mailto:[log in to unmask]>>
>> *Subject: **sec_error_unknown_issuer error using firefox to renew host
>> certificate ISSUE=15075 PROJ=1*
>> *Date: *6 November 2012 10:41:00 GMT
>> *To: *<[log in to unmask] <mailto:[log in to unmask]>>
>> *Reply-To: *<[log in to unmask]
>> <mailto:[log in to unmask]>>
>>
>> When replying, type your text above this line.
>> ------------------------------------------------------------------------
>> *Notification of Query Change*
>>
>> The following reply has been supplied for query [GOSC
>> 15075].
>>
>>
>> *Status: * Agent Replied *Creation Date: * 05/11/2012
>>
>>
>> *Query Content:*
>> /Entered on 06/11/2012 at 10:41:29 GMT (GMT+0000) by John Kewley:/
>> OK thanks
>>
>> I agree it would be better if it worked on OS/X, but we have spent our
>> development on CertWizard so we don't have to support every browser on
>> every OS.
>>
>> Are you sure you need the "host/" prefix? If you have a use-case we'd
>> be pleased to hear it - that browser interface won't be around for
>> that long
>> so we do need to find out if anyone does indeed have any requirements
>> for a service certificate.
>>
>> Cheers
>>
>> JK
>>
>>
>> On 6 Nov 2012, at 09:41, UK Grid Operations Support Centre
>> <[log in to unmask] <mailto:[log in to unmask]>> wrote:
>>
>> > [Duplicate message snipped]
>>
>> /Entered on 06/11/2012 at 09:41:26 GMT (GMT+0000) by John Kewley:/
>> The use of a service has prefix (especially the host/ prefix) has been
>> pretty much deprecated by the community some time ago so we haven't
>> added support for it in CertWizard.
>>
>> Your error message doesn't look too friendly though, sorry about that.
>>
>> if you don't still require that exact DN then you can request a new
>> certificate without the prefix using CertWizard - this is likely your
>> easiest option ... unless you need that prefix for something.
>>
>> ... or you should be able to still use Firefox to renew it. Can you
>> you detail the steps you are doing in FF?
>>
>> cheers
>>
>> JK
>>
>> /Entered on 06/11/2012 at 09:20:26 GMT (GMT+0000) by
>> [log in to unmask] <mailto:[log in to unmask]>:/
>> Subject: Re: sec_error_unknown_issuer error using firefox to renew
>> host certificate ISSUE=15075 PROJ=1
>> To: <[log in to unmask] <mailto:[log in to unmask]>>
>> From: Wahid Bhimji <[log in to unmask]
>> <mailto:[log in to unmask]>>
>>
>> Right I tried the cert wizard and I got this message
>> "Server responded an error: For user cert requests, the CN should be
>> lowercase of the form 'firstname surname' (single space separator).
>> For hostcert requests, the CN should be a valid lowercase DNS domain
>> name. [Accepted (202) - The request has been accepted for processing,
>> but the processing has not been completed]"
>>
>> Is it possible to use the cert wizard or not - what does that message
>> mean.
>> The DN is
>> [log in to unmask]
>> <mailto:[log in to unmask]>,
>> CN=host/pool3.glite.ecdf.ed.ac.uk, L=NeSC, OU=Edinburgh, O=eScience, C=UK
>> CN=UK e-Science CA 2B, OU=Authority, O=eScienceCA, C=UK
>>
>> I need to get this resolved very soon as the cert will expire next week
>>
>> Wahid
>>
>
>
>
> The University of Edinburgh is a charitable body, registered in
> Scotland, with registration number SC005336.
>
|