Hi Helmut, Thanks for your kind reply.
Regards On Fri, Dec 18, 2015 at 10:05 PM, Helmut Heller <helmut.hel...@lrz.de> wrote: > Hi Tejas, > > CRLs are fetched from CAs every 24 hours to know which certificates have > been revoked and should no longer be trusted. > > > This could be a transient error, e.g., if your internet connection was > down or overloaded while the CRL-update was running. Or it might be that > the CA in question (MARGI/0) no longer exists or was temporarily > unavailable. > > If the error persists, you can delete the CA files of the CA in question. > If your certificates reside in /etc/grid-security/certificates, you could > do the following: > > become root > cd /etc/grid-security/certificates > grep MARGI * > now you see which files use MARGI. You might see something like this: > > 1e4f9475.info:# CA: MARGI (mk) > 1e4f9475.info:alias = MARGI > 1e4f9475.namespaces:# CA alias : MARGI > 1e4f9475.namespaces:# subjectDN: /C=MK/O=MARGI/CN=MARGI-CA > 1e4f9475.namespaces:TO Issuer "/C=MK/O=MARGI/CN=MARGI-CA" \ > 1e4f9475.namespaces: PERMIT Subject "/C=MK/O=MARGI/.*" > 1e4f9475.signing_policy:# EACL MARGI CA > 1e4f9475.signing_policy:access_id_CA X509 '/C=MK/O=MARGI/CN=MARGI-CA' > 1e4f9475.signing_policy:cond_subjects globus '"/C=MK/O=MARGI/CN=MARGI-CA" > "/C=MK/O=MARGI/*"' > 7d0d064a.info:# CA: MARGI (mk) > 7d0d064a.info:alias = MARGI > 7d0d064a.namespaces:# CA alias : MARGI > 7d0d064a.namespaces:# subjectDN: /C=MK/O=MARGI/CN=MARGI-CA > 7d0d064a.namespaces:TO Issuer "/C=MK/O=MARGI/CN=MARGI-CA" \ > 7d0d064a.namespaces: PERMIT Subject "/C=MK/O=MARGI/.*" > 7d0d064a.signing_policy:# EACL MARGI CA > 7d0d064a.signing_policy:access_id_CA X509 '/C=MK/O=MARGI/CN=MARGI-CA' > 7d0d064a.signing_policy:cond_subjects globus '"/C=MK/O=MARGI/CN=MARGI-CA" > "/C=MK/O=MARGI/*"' > MARGI.info <http://margi.info>:# CA: MARGI (mk) > MARGI.info:alias = MARGI > MARGI.namespaces:# CA alias : MARGI > MARGI.namespaces:# subjectDN: /C=MK/O=MARGI/CN=MARGI-CA > MARGI.namespaces:TO Issuer "/C=MK/O=MARGI/CN=MARGI-CA" \ > MARGI.namespaces: PERMIT Subject "/C=MK/O=MARGI/.*" > MARGI.signing_policy:# EACL MARGI CA > MARGI.signing_policy:access_id_CA X509 '/C=MK/O=MARGI/CN=MARGI-CA' > MARGI.signing_policy:cond_subjects globus '"/C=MK/O=MARGI/CN=MARGI-CA" > "/C=MK/O=MARGI/*"' > policy-igtf-classic.info: MARGI = 1.64, \ > sha1sums:f687052483eb1400055efe2130958b445f39696b MARGI.crl_url > sha1sums:f3917318fa6d8cc55dc8d04660912648530424dd MARGI.info > <http://margi.info> > sha1sums:7594478a1ac1395d4cfbbbd3eb0e95ac4fbc860c MARGI.namespaces > sha1sums:574b7dadf20c6e356a55fa58771c281ded6564b6 MARGI.pem > sha1sums:b25157dbac3888211a3d609c528afe621a98db97 MARGI.signing_policy > > > If you don’t have users who use the MARGI CA you could delete all related > files, e.g., > rm MARGI.* 7d0d064a* 1e4f9475* > > Then this error (with MARGI) should no longer appear. But be careful when > removing certificates: > - do not put the “*” by itself (which would delete all certificate > files!), only with the selected files! > - make sure first that you really do not need the certificates in question > - I also have the MARGI CA in my certificates folder and did not yet > receive any error messages, > so it might really be a temporary or local problem, which does not > warrant deleting these files (yet) > > Helmut, European Globus Community Forum EGCF > > On 18.12.2015, at 01:13, Benjamin Fernandis <benjo11...@gmail.com> wrote: > > Hi, > > We getting different such above mails for different public CA. How we can > resolve this error? > > what would be logic behind this error msg? > > Regards > Tejas > > > Servus, Helmut (DH0MAD) ______________NeXT-mail > welcome_________________ > FAX: +49-89-35831-8623 "Knowledge must be gathered and cannot be > given" > hel...@lrz.de ZEN, one of BLAKES7 > Phone: +49-89-35831-8823 > ________________________________________________ > Dr. Helmut Heller > Leibniz-Rechenzentrum (LRZ) > Distributed Resources Group (DRG) > Boltzmannstr. 1, Room E.1.025, D-85748 Garching, GERMANY > > > > > >
