Is there a recipe for adding trust when someone rocks up with a clean
macOS. My laptop is old but I remember importing the root CA certs
into the keychain rather than browser (which is fine). I recall
getting these from the terena website but it's rather opaque. Where
are people getting their root CA certs to be used in browsers?
Cheers,
Peter
On 30 November 2017 at 10:27, Robert Frank
<[log in to unmask]> wrote:
> Hmm, it was certainly working when I tried it in my Firefox. You could try
> to delete all eScience certificates from the Authorities list, then the
> browser should only send your certificate and not the whole chain and
> therefore shouldn't trigger the bug. I've had problems in the past with
> Firefox that deleted CA certificates reappeared after closing and reopening
> the dialog box. You should check that they really are deleted. If they are
> gone and you can access to the Cern VOMS server works then you can try to
> import the new CA certificate again.
>
> Alternatively, if you're in a hurry and have Firefox you could try to create
> a new profile (firefox -no-remote -P) to start with a clean slate and sort
> out your default profile later.
>
> Cheers,
> Robert
>
>
> On 30/11/17 10:01, George, Simon wrote:
>>
>> Thanks Robert.
>>
>> I tried updating the 2B certificate but it didn't seem to help.
>>
>> I have some role requests to approve so if anyone knows the solution to
>> this I would really appreciate your help.
>>
>>
>> ________________________________
>> From: Testbed Support for GridPP member institutes
>> <[log in to unmask]> on behalf of Robert Frank
>> <[log in to unmask]>
>> Sent: 30 November 2017 08:10
>> To: [log in to unmask]
>> Subject: Re: I cannot connect to lcg-voms2.cern.ch - can anyone else?
>>
>> Hi Simon,
>>
>> yes, this is caused by the trust anchors 1.88 issue. If you delete the old
>> 2B CA from your browser and import the new one then you will be able to
>> access the CERN VOMS servers again. But this might also prevent you from
>> accessing other services that still use the 1.87 release (if they are java
>> services that use bouncycastle on SL6x, eg the gridpp voms server).
>>
>> Cheers,
>> Robert
>>
>> On 29/11/17 19:56, George, Simon wrote:
>>>
>>> Hi,
>>>
>>> today when trying to connect to https://lcg-voms2.cern.ch:8443/voms/atlas
>>> I get ERR_CONNECTION_CLOSED.
>>>
>>> Is it just me? Can anyone else access it?
>>>
>>> Is this by any chance related to the
>>>
>>> I have tried Firefox & Chrome on Windows 10 & SLC6 both inside and
>>> outside of CERN.
>>>
>>> I have my certificate installed in all the browsers.
>>>
>>> Any chance it is related to the trust anchors 1.88-1 issue?
>>>
>>> Thanks,
>>>
>>> Simon
>>>
>>>
>>>
>>
>
|