I can third that it causes problems. Sadly trying to roll back using yum
history didn't work out for us either.
Cheers,
Matt
On 28/11/17 13:21, Stephen Jones wrote:
> Don't update to 1.88-1
>
> We have same problems too!
>
> Working on it; site is down because ARGUS (SL6) is clobbered by this...
>
> Cheers,
>
>
> Ste
>
>
> On 28/11/17 13:17, Daniela Bauer wrote:
>> Hi All,
>>
>> the latest trust anchor release contains this chage:
>>
>> * updated UKeScience 2B ICA based on a SHA-2 family digest (UK)
>>
>> When I try and run the cvmfs UI on SL6 I get the following error:
>>
>> lx01:~ > voms-proxy-init --voms gridpp
>> Enter GRID pass phrase for this identity:
>> Contacting voms03.gridpp.ac.uk:15000
>> <http://voms03.gridpp.ac.uk:15000>
>> [/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk
>> <http://voms03.gridpp.ac.uk>] "gridpp"...
>> Certificate validation error: Can not verify the CRL as its issuer's
>> public key is unknown or can not be validated Cause: Certification
>> path could not be validated. Cause: NullPointerException
>> Error contacting voms03.gridpp.ac.uk:15000
>> <http://voms03.gridpp.ac.uk:15000> for VO gridpp:
>> java.security.cert.CertificateException: The peer's certificate with
>> subject's DN CN=voms03.gridpp.ac.uk
>> <http://voms03.gridpp.ac.uk>,L=Physics,OU=Imperial,O=eScience,C=UK was
>> rejected. The peer's certificate status is: FAILED The following
>> validation errors were found:
>> error at position 0 in chain, problematic certificate subject:
>> CN=voms03.gridpp.ac.uk
>> <http://voms03.gridpp.ac.uk>,L=Physics,OU=Imperial,O=eScience,C=UK
>> (category: CRL): Can not verify the CRL as its issuer's public key is
>> unknown or can not be validated Cause: Certification path could not be
>> validated. Cause: NullPointerException
>> Certificate validation error: Can not verify the CRL as its issuer's
>> public key is unknown or can not be validated Cause: Certification
>> path could not be validated. Cause: NullPointerException
>> Error contacting voms03.gridpp.ac.uk:15000
>> <http://voms03.gridpp.ac.uk:15000> for VO gridpp: peer not authenticated
>> Error contacting voms03.gridpp.ac.uk:15000
>> <http://voms03.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS
>> endpoints failed.
>> Contacting voms02.gridpp.ac.uk:15000
>> <http://voms02.gridpp.ac.uk:15000>
>> [/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk
>> <http://voms02.gridpp.ac.uk>] "gridpp"...
>> Certificate validation error: Can not verify the CRL as its issuer's
>> public key is unknown or can not be validated Cause: Certification
>> path could not be validated. Cause: NullPointerException
>> Error contacting voms02.gridpp.ac.uk:15000
>> <http://voms02.gridpp.ac.uk:15000> for VO gridpp:
>> java.security.cert.CertificateException: The peer's certificate with
>> subject's DN CN=voms02.gridpp.ac.uk
>> <http://voms02.gridpp.ac.uk>,L=OeSC,OU=Oxford,O=eScience,C=UK was
>> rejected. The peer's certificate status is: FAILED The following
>> validation errors were found:
>> error at position 0 in chain, problematic certificate subject:
>> CN=voms02.gridpp.ac.uk
>> <http://voms02.gridpp.ac.uk>,L=OeSC,OU=Oxford,O=eScience,C=UK
>> (category: CRL): Can not verify the CRL as its issuer's public key is
>> unknown or can not be validated Cause: Certification path could not be
>> validated. Cause: NullPointerException
>> Certificate validation error: Can not verify the CRL as its issuer's
>> public key is unknown or can not be validated Cause: Certification
>> path could not be validated. Cause: NullPointerException
>> Error contacting voms02.gridpp.ac.uk:15000
>> <http://voms02.gridpp.ac.uk:15000> for VO gridpp: peer not authenticated
>> Error contacting voms02.gridpp.ac.uk:15000
>> <http://voms02.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS
>> endpoints failed.
>> Contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000>
>> [/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk
>> <http://voms.gridpp.ac.uk>] "gridpp"...
>> Certificate validation error: Can not verify the CRL as its issuer's
>> public key is unknown or can not be validated Cause: Certification
>> path could not be validated. Cause: NullPointerException
>> Error contacting voms.gridpp.ac.uk:15000
>> <http://voms.gridpp.ac.uk:15000> for VO gridpp:
>> java.security.cert.CertificateException: The peer's certificate with
>> subject's DN CN=voms.gridpp.ac.uk
>> <http://voms.gridpp.ac.uk>,L=HEP,OU=Manchester,O=eScience,C=UK was
>> rejected. The peer's certificate status is: FAILED The following
>> validation errors were found:
>> error at position 0 in chain, problematic certificate subject:
>> CN=voms.gridpp.ac.uk
>> <http://voms.gridpp.ac.uk>,L=HEP,OU=Manchester,O=eScience,C=UK
>> (category: CRL): Can not verify the CRL as its issuer's public key is
>> unknown or can not be validated Cause: Certification path could not be
>> validated. Cause: NullPointerException
>> Certificate validation error: Can not verify the CRL as its issuer's
>> public key is unknown or can not be validated Cause: Certification
>> path could not be validated. Cause: NullPointerException
>> Error contacting voms.gridpp.ac.uk:15000
>> <http://voms.gridpp.ac.uk:15000> for VO gridpp: peer not authenticated
>> Error contacting voms.gridpp.ac.uk:15000
>> <http://voms.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS
>> endpoints failed.
>> None of the contacted servers for gridpp were capable of returning a
>> valid AC for the user.
>> User's request for VOMS attributes could not be fulfilled.
>>
>>
>> It works on SL7.
>>
>> This error is fairly deadly for a lot of stuff we are doing here.
>>
>> Any ideas ?
>>
>> Regards,
>> Daniela
>>
>>
>> --
>> Sent from the pit of despair
>>
>> -----------------------------------------------------------
>> [log in to unmask] <mailto:[log in to unmask]>
>> HEP Group/Physics Dep
>> Imperial College
>> London, SW7 2BW
>> Tel: +44-(0)20-75947810
>> http://www.hep.ph.ic.ac.uk/~dbauer/
>> <http://www.hep.ph.ic.ac.uk/%7Edbauer/>
>
>
|