grid-proxy-init -verify -debug
It's a file in /etc/grid-sequrity/certificates/1e12d831.r0 (for APACGrid CA) Next Update is overdated. Current (for the date of this posting) CRL has inside:
Version 1 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: /C=AU/O=APACGrid/OU=CA/CN=APACGrid/emailAddress=camanager@vpac.org
Last Update: Jun 18 23:50:25 2007 GMT
Next Update: Jul 18 23:50:25 2007 GMT
It hasn't been updated on my bestgrid-02 machine automatically because on unknown reason a line to call fetch-crl.cron script disappeared from crontab file.
To update APACGrid CA CRL use link http://ca.apac.edu.au/pub/crl/cacrl.txt
and place this file as /etc/grid-sequrity/certificates/1e12d831.r0. Also to automatic updates it's a good idea to create cron task for daily or even hourly updates of CRL:
#!/bin/bash
# /opt/vdt/fetch-crl/share/doc/fetch-crl-2.6.2/fetch-crl.cron
# in crontab:
# 12 2 * * * /opt/vdt/fetch-crl/share/doc/fetch-crl-2.6.2/fetch-crl.cron
# Designed to be ran once a day.
if [ -f /etc/sysconfig/fetch-crl ] ; then
. /etc/sysconfig/fetch-crl
fi
CRLDIR=${CRLDIR:-/opt/vdt/globus/TRUSTED_CA/}
QUIET=${QUIET:-yes}
if [ $QUIET = "yes" ] ; then
/opt/vdt/fetch-crl/sbin/fetch-crl --loc $CRLDIR -out $CRLDIR -a 24 --quiet
else
/opt/vdt/fetch-crl/sbin/fetch-crl --loc $CRLDIR -out $CRLDIR
fi
No comments:
Post a Comment