Great! That's the info I needed :) We do have fetch-crl setup as a cron
but I was confused as to where it put things. Now I know that this
directory is the dumping ground for both.
Many Thanks all!
Mark
On 06/02/13 15:33, John Hill wrote:
> Hi Mark,
> I thought the CRLs were normally in
> /etc/grid-security/certificates? Do you have a fetch-crl cron job set
> up - it sounds as if not? Mine run every 6 hours (on UI, WNs, SE, etc,
> etc) and the cron job came with the fetch-crl RPM. The recent files on
> my systems are generally .r0 files, which (I think) are revokation files.
> Cheers,
> John
>
> On 06/02/2013 15:27, Mark Slater wrote:
>> Hi John,
>>
>> This was indeed the problem - the DOEGrids.pem had expired last month
>> for us. So the certs are located in
>>
>> /etc/grid-security/certificates
>>
>> (though I'm unsure what the newly created files in this dir are -
>> proxies maybe?). Could someone tell me where are the CRLs generally
>> located? I'm just trying to make sure I know what files (and where) are
>> important for the UI and should be kept up to date. At least I have a
>> list of things to check when another odd error comes up!
>>
>> Many Thanks and apologies for the n00b questions :)
>>
>> Mark
>>
>> On 06/02/13 13:57, [log in to unmask] wrote:
>>> I'm no expert either I'm afraid.
>>>
>>> FWIW I have DOEGrids.pem in my /etc/grid-security/certificates
>>>
>>> Version: 3 (0x2)
>>> Serial Number: 71 (0x47)
>>> Signature Algorithm: sha1WithRSAEncryption
>>> Issuer: DC=net, DC=ES, O=ESnet, OU=Certificate Authorities,
>>> CN=ESnet Root CA 1
>>> Validity
>>> Not Before: Dec 5 08:00:00 2002 GMT
>>> Not After : Jan 25 08:00:00 2018 GMT
>>> Subject: DC=org, DC=DOEGrids, OU=Certificate Authorities,
>>> CN=DOEGrids CA 1
>>>
>>> Which doesn't look expired.
>>>
>>> I'd try updating the crls as per Daniela email.
>>>
>>> John
>>>
>>>
|