I've forwarded to David Groep.
> -----Original Message-----
> From: Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Robert Frank
> Sent: 28 November 2017 13:41
> To: [log in to unmask]
> Subject: Re: We think trust anchors 1.88-1 breaks on SL6
>
> We have a local mirror of the EGI CA repository which keeps the old versions. I
> can just change the version in puppet which then points yum to the old version.
> After that and a yum clean all, yum history rollback works.
>
> Cheers,
> Robert
>
> On 28/11/17 13:32, Daniela Bauer wrote:
> > How did you roll back to 1.87 ?
> >
> > Cheers,
> > Daniela
> >
> > On 28 November 2017 at 13:30, Robert Frank
> > <[log in to unmask]>
> > wrote:
> >
> >> I've seen it as well in Manchester when I tried to update this morning.
> >> I've rolled everything back to 1.87 for now.
> >> I got the impression that it works when both, the server and the
> >> client use the same version, but more testing is needed to confirm this.
> >>
> >> Cheers,
> >> Robert
> >>
> >> On 28/11/17 13:21, Stephen Jones wrote:
> >>
> >>> Don't update to 1.88-1
> >>>
> >>> We have same problems too!
> >>>
> >>> Working on it; site is down because ARGUS (SL6) is clobbered by this...
> >>>
> >>> Cheers,
> >>>
> >>>
> >>> Ste
> >>>
> >>>
> >>> On 28/11/17 13:17, Daniela Bauer wrote:
> >>>
> >>>> Hi All,
> >>>>
> >>>> the latest trust anchor release contains this chage:
> >>>>
> >>>> * updated UKeScience 2B ICA based on a SHA-2 family digest (UK)
> >>>>
> >>>> When I try and run the cvmfs UI on SL6 I get the following error:
> >>>>
> >>>> lx01:~ > voms-proxy-init --voms gridpp Enter GRID pass phrase for
> >>>> this identity:
> >>>> Contacting voms03.gridpp.ac.uk:15000
> >>>> <http://voms03.gridpp.ac.uk:15000>
> >>>> [/C=UK/O=eScience/OU=Imperial/L=Physics/CN=voms03.gridpp.ac.uk <
> >>>> http://voms03.gridpp.ac.uk>] "gridpp"...
> >>>> Certificate validation error: Can not verify the CRL as its
> >>>> issuer's public key is unknown or can not be validated Cause:
> >>>> Certification path could not be validated. Cause:
> >>>> NullPointerException Error contacting voms03.gridpp.ac.uk:15000 <
> >>>> http://voms03.gridpp.ac.uk:15000> for VO gridpp:
> >>>> java.security.cert.CertificateException: The peer's certificate
> >>>> with subject's DN CN=voms03.gridpp.ac.uk
> >>>> <http://voms03.gridpp.ac.uk>,L =Physics,OU=Imperial,O=eScience,C=UK
> >>>> was rejected. The peer's certificate status is: FAILED The following
> validation errors were found:
> >>>> error at position 0 in chain, problematic certificate subject: CN=
> >>>> voms03.gridpp.ac.uk <http://voms03.gridpp.ac.uk>,L
> >>>> =Physics,OU=Imperial,O=eScience,C=UK (category: CRL): Can not
> >>>> verify the CRL as its issuer's public key is unknown or can not be
> >>>> validated
> >>>> Cause: Certification path could not be validated. Cause:
> >>>> NullPointerException
> >>>> Certificate validation error: Can not verify the CRL as its
> >>>> issuer's public key is unknown or can not be validated Cause:
> >>>> Certification path could not be validated. Cause:
> >>>> NullPointerException Error contacting voms03.gridpp.ac.uk:15000 <
> >>>> http://voms03.gridpp.ac.uk:15000> for VO gridpp: peer not
> >>>> authenticated Error contacting voms03.gridpp.ac.uk:15000 <
> >>>> http://voms03.gridpp.ac.uk:15000> for VO gridpp: REST and legacy
> >>>> VOMS endpoints failed.
> >>>> Contacting voms02.gridpp.ac.uk:15000
> >>>> <http://voms02.gridpp.ac.uk:15000>
> >>>> [/C=UK/O=eScience/OU=Oxford/L=OeSC/CN=voms02.gridpp.ac.uk <
> >>>> http://voms02.gridpp.ac.uk>] "gridpp"...
> >>>> Certificate validation error: Can not verify the CRL as its
> >>>> issuer's public key is unknown or can not be validated Cause:
> >>>> Certification path could not be validated. Cause:
> >>>> NullPointerException Error contacting voms02.gridpp.ac.uk:15000 <
> >>>> http://voms02.gridpp.ac.uk:15000> for VO gridpp:
> >>>> java.security.cert.CertificateException: The peer's certificate
> >>>> with subject's DN CN=voms02.gridpp.ac.uk
> >>>> <http://voms02.gridpp.ac.uk>,L =OeSC,OU=Oxford,O=eScience,C=UK was
> >>>> rejected. The peer's certificate status is: FAILED The following validation
> errors were found:
> >>>> error at position 0 in chain, problematic certificate subject: CN=
> >>>> voms02.gridpp.ac.uk <http://voms02.gridpp.ac.uk>,L
> >>>> =OeSC,OU=Oxford,O=eScience,C=UK (category: CRL): Can not verify the
> >>>> CRL as its issuer's public key is unknown or can not be validated Cause:
> >>>> Certification path could not be validated. Cause:
> >>>> NullPointerException Certificate validation error: Can not verify
> >>>> the CRL as its issuer's public key is unknown or can not be
> >>>> validated Cause: Certification path could not be validated. Cause:
> >>>> NullPointerException Error contacting voms02.gridpp.ac.uk:15000 <
> >>>> http://voms02.gridpp.ac.uk:15000> for VO gridpp: peer not
> >>>> authenticated Error contacting voms02.gridpp.ac.uk:15000 <
> >>>> http://voms02.gridpp.ac.uk:15000> for VO gridpp: REST and legacy
> >>>> VOMS endpoints failed.
> >>>> Contacting voms.gridpp.ac.uk:15000 <http://voms.gridpp.ac.uk:15000>
> >>>> [/C=UK/O=eScience/OU=Manchester/L=HEP/CN=voms.gridpp.ac.uk <
> >>>> http://voms.gridpp.ac.uk>] "gridpp"...
> >>>> Certificate validation error: Can not verify the CRL as its
> >>>> issuer's public key is unknown or can not be validated Cause:
> >>>> Certification path could not be validated. Cause:
> >>>> NullPointerException Error contacting voms.gridpp.ac.uk:15000
> >>>> <http://voms.gridpp.ac.uk:15000> for VO gridpp:
> >>>> java.security.cert.CertificateException: The peer's certificate
> >>>> with subject's DN CN=voms.gridpp.ac.uk <
> >>>> http://voms.gridpp.ac.uk>,L=HEP,OU=Manchester,O=eScience,C=UK was
> >>>> rejected. The peer's certificate status is: FAILED The following validation
> errors were found:
> >>>> error at position 0 in chain, problematic certificate subject: CN=
> >>>> voms.gridpp.ac.uk <http://voms.gridpp.ac.uk>,L=H
> >>>> EP,OU=Manchester,O=eScience,C=UK (category: CRL): Can not verify
> >>>> the CRL as its issuer's public key is unknown or can not be validated Cause:
> >>>> Certification path could not be validated. Cause:
> >>>> NullPointerException Certificate validation error: Can not verify
> >>>> the CRL as its issuer's public key is unknown or can not be
> >>>> validated Cause: Certification path could not be validated. Cause:
> >>>> NullPointerException Error contacting voms.gridpp.ac.uk:15000
> >>>> <http://voms.gridpp.ac.uk:15000> for VO gridpp: peer not
> >>>> authenticated Error contacting voms.gridpp.ac.uk:15000
> >>>> <http://voms.gridpp.ac.uk:15000> for VO gridpp: REST and legacy VOMS
> endpoints failed.
> >>>> None of the contacted servers for gridpp were capable of returning
> >>>> a valid AC for the user.
> >>>> User's request for VOMS attributes could not be fulfilled.
> >>>>
> >>>>
> >>>> It works on SL7.
> >>>>
> >>>> This error is fairly deadly for a lot of stuff we are doing here.
> >>>>
> >>>> Any ideas ?
> >>>>
> >>>> Regards,
> >>>> Daniela
> >>>>
> >>>>
> >>>> --
> >>>> Sent from the pit of despair
> >>>>
> >>>> -----------------------------------------------------------
> >>>> [log in to unmask] <mailto:[log in to unmask]>
> >>>> HEP Group/Physics Dep
> >>>> Imperial College
> >>>> London, SW7 2BW
> >>>> Tel: +44-(0)20-75947810
> >>>> http://www.hep.ph.ic.ac.uk/~dbauer/ <http://www.hep.ph.ic.ac.uk/%7
> >>>> Edbauer/>
> >>>>
> >>>
> >>>
> >>>
> >
> >
|