Hi Chris, I did what you asked for and the new certificate i got into /etc/AccessGrid3/Config/CAcertificates/ isn't being loaded .
Thanks, El 02/06/2014 11:21, Christoph Willing escribió: > Hi Miguel, > > I thought I had taken that problem into account when I created this > latest CA but evidently not. I will have to investigate the cause of > the problem some more. > > In the meantime, could you try a little test please? Change the name > of ~/.AccessGrid to something else e.g. ~/.AccessGrid_XXX. With no > other AG applications running, run certmgr (or certmgr3.py). That will > create a new ~/.AccessGrid tree. Don't try to explicitly load any CA, > just list the CA's. Has the new one been loaded automatically? > > > Tom, if you're reading ... > We saw that problem some time ago with a new (at that time) CA > from ANL but you were able to issue a corrected CA. Do you recall how > you overcame this problem when creating the new CA? I thought I had > allowed for it by adding a 12 digit hex parameter to -set_serial > argument of the "openssl req -new -x509 ..." command I used to > generate the CA. That actually fixed the problem locally but looks > like not globally. Any other ideas? > > chris > > > On 06/02/2014 05:18 PM, Miguel Sáez Llorente wrote: >> Hello, >> >> I'm trying to follow your instructions but i can't import the new CA. >> >> (CA mode) > import /etc/AccessGrid3/Config/CAcertificates/cb2c302e.0 >> /etc/AccessGrid3/Config/CAcertificates/cb2c302e.signing_policy >> Error importing certificate from >> /etc/AccessGrid3/Config/CAcertificates/cb2c302e.0: long too large to >> convert to int >> >> Thanks, >> >> El 29/05/2014 11:57, Christoph Willing escribió: >>> Sending again for list .. >>> >>> chris >>> >>> >>> -------- Original Message -------- >>> Subject: Re: [AG-TECH] Requesting a new certificate or running a >>> VenueServer without. >>> Date: Thu, 29 May 2014 19:51:04 +1000 >>> From: Christoph Willing <chris.will...@iinet.net.au> >>> To: Miguel Sáez Llorente <miguelangel.s...@usc.es> >>> >>> Although the complete authority server infrastructure isn't set up yet, >>> the core of it is ready. We have a new CA and a mechanism for signing >>> certificate requests. If you want to use it, the necessary steps >>> currently are: >>> >>> 1. Download the two CA files from: >>> http://www.ap-accessgrid.org/CA/ >>> (the README has md5sums for them) and copy them into >>> /etc/AccessGrid/Config/CAcertificates directory. They will be used >>> automatically by new users (who don't yet have a ~/.AccessGrid >>> directory >>> tree). Established users will have to run certmgr3 (certmgr3.py on some >>> systems), enter "ca" to go into CA mode, then import the .0 file you >>> just downloaded) >>> >>> 2. Create a certificate request - in a terminal run: >>> openssl req -newkey rsa:512 -nodes -out cert.csr -keyout >>> cert.key >>> and answer the questions (leave password empty for server usage). When >>> complete this will generate 2 files, cert.csr and cert.key (you can >>> give >>> them more meaningful names if you like). Keep the .key file safe >>> (you'll >>> need it later) and send the .csr file here (I hope this list allows >>> attachments) or directly to me. I will sign the request and email your >>> certificate file (as a .pem file) to you. >>> >>> 3. When you receive the .pem file, copy it to wherever you're keeping >>> the .key file, then from that directory run certmgr3.py - this time >>> stay >>> in id mode and then go: >>> import cert.pem cert.key >>> (or whatever the names of .pem & .key files are). >>> >>> 4. If you now have multiple id certificates, you'll need to make the >>> new >>> certificate the default e.g. >>> default 2 >>> (the number depends on output from certmgr3's list command) >>> >>> That should be all .. >>> >>> chris >>> >>> >>> On 28/05/14 5:35 PM, Miguel Sáez Llorente wrote: >>>> Hello everyone! >>>> >>>> My venue server certificate is about to expire within the next few >>>> days. >>>> I'm trying to request a new certificate but it seems the certificate >>>> authority server isn't up yet. If it didn't get already fixed i >>>> guess it >>>> won't be soon enough so i'm wondering if there is any way to run a >>>> Venue >>>> Server without a certificate?. >>>> >>>> Thanks, >>>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> >>> Time is money. Stop wasting it! Get your web API in 5 minutes. >>> www.restlet.com/download >>> http://p.sf.net/sfu/restlet >>> _______________________________________________ >>> accessgrid-tech mailing list >>> accessgrid-tech@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/accessgrid-tech >> -- ==================================================================== Miguel A. Sáez Llorente Soporte tareas multimedia - ATIC Univ. Santiago de Compostela (USC) Rúa de José María Suárez Núñez (Campus Sur) - Pavellón de Servicios 15705 Santiago de Compostela - SPAIN E-mail: miguelangel.s...@usc.es Tel: ext. 13035 / Directo (+34) 881813035 Tel AG: ext. 16273 / Directo (+34) 881816273 Movil Personal: (+34) 634531716 Fax: (+34) 981547070 Web: http://www.usc.es/atic ==================================================================== ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. Written by three acclaimed leaders in the field, this first edition is now available. Download your free book today! http://p.sf.net/sfu/NeoTech _______________________________________________ accessgrid-tech mailing list accessgrid-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/accessgrid-tech