Index of /distribution/egi-1.53-1/current-old
------------------------------------------------------------------------------
Subject: VOMS servers need old build of EGI-trustanchors
Dear all
This broadcast concerns sites that manage a VOMS server with VOMS-ADMIN
administrative interface.
A problem has been found where sites upgraded their VOMS server to the
latest version of the trust anchors (CA 1.38+) and subsequently the VOMS
Administrative Interface (VOMS-ADMIN) fails to start. We are presently
working to understand the issue.
This does not affect the VOMS server itself, but solely the admin interface.
The quick fix is for the VOMS server admins to replace the default
EGI trust anchor repository by the following temporary repository
http://egi-igtf.ndpf.info/distribution/egi/current-old/
which can be configured using the following Yum repo file. Please keep the
following in mind:
- only the VOMS ADMIN server is affected. This change DOES NOT apply to other
services at this point, and unless you are affected by this issue you
should NOT change the trust anchor repository
- Only ONE repository can be configured at any one time. Before
configuring the legacy repository, you MUST DISABLE the default repo
(by setting "enabled=0" in the repo.d file)
- You CANNOT upgrade from the default repo to the legacy repo or vice-versa.
Before changing, you must de-install the previous "ca_*" packages and all of
the meta-packages "lcg-CA", "ca-policy-egi-core" and/or "ca-policy-lcg"
The legacy repo.d file should read:
[EGI-trustanchors-historic]
name=EGI-trustanchors-historic
baseurl=http://egi-igtf.ndpf.info/distribution/egi/current-old/
gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
gpgcheck=1
enabled=1
This repository is made available on a temporary basis and should not be
configured as a permanent site setting. It should not be applied to non VOMS
services.
European Grid Infrastructure EGI Trust Anchor release 1.53 2013.05.27
------------------------------------------------------------------------------
For release DOCUMENTATION available on this EGI Trust Anchor release see
https://wiki.egi.eu/wiki/EGI_IGTF_Release
------------------------------------------------------------------------------
Modifications compared to the previous release:
* updated to IGTF Accredited CA distribution version 1.53-1 Classic, SLCS and
MICS profiles, encoded in meta-package "ca-policy-egi-core-1.53-1" (for new
installs) and "lcg-CA-1.53-1" (for sites upgrading from EGEE/LCG releases).
* Location of the repository changed to repository.egi.eu. See documentation
for details and the updated repo files.
* Your may install BOTH the "egi-core" AND "lcg" meta-packages, according to
your policies. Note that your organisation or NGI may have a specific
policy and may have added or removed CAs compared to the EGI core policy.
The following notices are republished from the IGTF and EUGridPMA, inasfar
as pertinent to this release. More information can be found in the
EUGridPMA newsletter (see https://www.eugridpma.org/):
Changes from 1.52 to 1.53
-------------------------
(27 May 2013)
* Added new root cert for IHEP CA (2013) (CN)
* Removed retired NCSA GridShib CA (e8ac4b61) (US)
* Removed backup crl_url locations for CILogon CAs
due to future crl.doegrids.org shutdown. (US)
* Removed retired TACC CAs (2ac09305, 684261aa, e5cc84c2) (US)
* Updated NERSC CA (b93d6240) to extend validity and change to
self-signed rather than subordinate to ESnet (US)
The CA modifications, encoded in both "requires" and "obsoletes" clauses, have
been incorporated in the above-mentioned meta-package RPMs. This trust anchor
release is best enjoyed with fetch-crl v3 or better, available from popular
GNU/Linux OS (add-on) repositories Fedora, EPEL, Debian, and from the IGTF.
Version information: ca-policy-egi-core = 1.53-1
![[ICO]](/icons/blank.gif){kind=icon}
![[PARENTDIR]](/icons/back.gif){kind=icon}
![[DIR]](/icons/folder.gif){kind=icon}
![[ ]](/icons/unknown.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}