Hi
Have you updated to the latest version?
What do you get when you try
ls 367b75c3.* 53729190.*
JK
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Elena Korolkova
> Sent: Thursday, January 31, 2013 3:04 PM
> To: [log in to unmask]
> Subject: Re: Changes in IGTF 1.52
>
> Hello John
>
> I'm dealing with this stuff today.
> I found in email excange:
>
> > Are there any files like 367b75c3.* or 53729190.* ?
> >
> > The ones below are Root ones not 2007 CA so they are expected to be there
>
> and
>
> I don't see any point in keeping either of the .r0 files for the old UK eScience CA.
>
> Before removing them you can see/check what they are by something like the
> following: .....
>
> Should 367b75c3.* or 53729190.* be deleted?
>
> Thanks
> Elena
>
>
> On 29 Jan 2013, at 12:36, John Kewley wrote:
>
> > Are there any files like 367b75c3.* or 53729190.* ?
> >
> > The ones below are Root ones not 2007 CA so they are expected to be there
> >
> > JK
> >
> > From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Alessandra Forti
> > Sent: Tuesday, January 29, 2013 11:39 AM
> > To: [log in to unmask]
> > Subject: Re: Changes in IGTF 1.52
> >
> > Hi Jens,
> >
> > I've just upgraded and this is what's left behind in the /etc/grid-security/certificates/
> directory
> >
> > #> rpm -qa ca-policy-egi-core
> > ca-policy-egi-core-1.52-1.noarch
> >
> > #> ls /etc/grid-security/certificates/UKeScience*2007*
> > /etc/grid-security/certificates/UKeScienceRoot-2007.crl_url /etc/grid-
> security/certificates/UKeScienceRoot-2007.pem
> > /etc/grid-security/certificates/UKeScienceRoot-2007.info /etc/grid-
> security/certificates/UKeScienceRoot-2007.signing_policy
> > /etc/grid-security/certificates/UKeScienceRoot-2007.namespaces
> >
> > cheers
> > alessandra
> >
> >
> > On 29/01/2013 11:34, Jens Jensen wrote:
> > Dropping old CA certifiate (no valid certs, valid CRL)
> > These files should go when you upgrade to 1.52:
> > /etc/grid-security/certificates/{UKeScienceCA-2007.*,367b75c3.*,53729190.*}
> >
> > It is most important to get rid of *.pem, *.0, and *.r0
> >
> > We can watch the CRLs for downloads, see which IP addresses they come from.
> >
> > The main (small) risk is that sites don't remove it (for some reason)
> > and get hit by the silly test for "expired" at the end of March (at
> > 23:59:59 UTC).
> >
> > There are associated changes in UKeScienceRoot-2007.namespaces and
> > UKeScienceRoot-2007.signing_policy. In addition, we changed the CRL
> > download point in UKeScienceRoot-2007.crl_url. There is a slight risk
> > that a bug has slipped through here, despite checking, due to some
> > undocumented or non-testable "feature" in the code that uses these files.
> >
> > That's it. Any Qs or Cs?
> >
> > Cheers
> > --jens
> >
> >
> >
> >
> > --
> > Facts aren't facts if they come from the wrong people. (Paul Krugman)
> > --
> > Scanned by iCritical.
>
> __________________________________________________
> Dr Elena Korolkova
> Email: [log in to unmask]
> Tel.: +44 (0)114 2223553
> Fax: +44 (0)114 2223555
> Department of Physics and Astronomy
> University of Sheffield
> Sheffield, S3 7RH, United Kingdom
--
Scanned by iCritical.
|