Custom Query (431 matches)


Show under each result:

Results (13 - 15 of 431)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Ticket Resolution Summary Owner Reporter
#1278 fixed review/fix the top-level READMEs dlove dlove

Also refer to an in-band copy of the licence.

#1453 fixed repeating qsub -binding arg gives bogus error Dave Love <…> dlove

Repeating -binding on the qsub command line or with a request file gives

Unknown option -binding ...

Maybe related to #1452

#1423 fixed renew_all_certs creates CRL which expires after one month Dave Love <…> aylee

I've stumbled over an effect which seems to be the same as described in:

One year after I setup SGE we got SSL errors: no wonder because the certificates expired... Consequently I ran renew_all_certs, distributed the files on all nodes and everything was running fine again.

After about a month we had certificate errors again! I checked the certficate files and they all seemed correct, e.g.:

[root@tsqm sgeCA]# openssl x509 -in /gridware/cst-gridengine/default/common/sgeCA/cacert.pem -noout -text
        Version: 3 (0x2)
        Serial Number:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Hessen, L=Darmstadt, O=CST AG, OU=Research and Development, CN=SGE Certificate Authority/UID=CA/
            Not Before: Jun  7 18:14:59 2012 GMT
            Not After : Jun  7 18:14:59 2013 GMT

I dug further and found that the CRL seems to be the problem! It claims that a new version has to be available every month:

[root@tsqm sgeCA]# openssl crl -in /gridware/cst-gridengine/default/common/sgeCA/ca-crl.pem -noout -text
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: /C=DE/ST=Hessen/L=Darmstadt/O=CST AG/OU=Research and Development/CN=SGE Certificate Authority/UID=CA/
        Last Update: Jun  7 18:15:00 2012 GMT
        Next Update: Jul  7 18:15:00 2012 GMT

I'd propose to set the same expiry period for the CRL as for the CA certificates.

IMHO this is a pretty subtle pitfall which easily breaks a CSP enabled installation completely; also others were already bitten by this. That is the reason why I've set "major" severity

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Note: See TracQuery for help on using queries.