Документ взят из кэша поисковой машины. Адрес оригинального документа : http://theory.sinp.msu.ru/pipermail/ru-ngi/2015q1/001507.html
Дата изменения: Wed Feb 18 09:39:47 2015
Дата индексирования: Sun Apr 10 18:12:59 2016
Кодировка:
[RU-NGI] Fwd: [Noc-managers] EGI IGTF CA update, version 1.62-1 ticket created [EGI #8217], due February 23 - with VOMS deployment recommendations

[RU-NGI] Fwd: [Noc-managers] EGI IGTF CA update, version 1.62-1 ticket created [EGI #8217], due February 23 - with VOMS deployment recommendations

Alexander Kryukov kryukov at theory.sinp.msu.ru
Mon Feb 16 16:19:33 MSK 2015 

FYI

-------- Forwarded Message --------
Subject: [Noc-managers] EGI IGTF CA update, version 1.62-1 ticket 
created [EGI #8217], due February 23 - with VOMS deployment recommendations
Date: Mon, 16 Feb 2015 09:59:57 +0100
From: David Groep <davidg at nikhef.nl>
To: egi-csirt-team at mailman.egi.eu, jpina at lip.pt, jorge at lip.pt, 
inspire-sa2 at mailman.egi.eu, project-eu-egee-middleware-iteam at cern.ch, 
eimamagi at srce.hr, noc-managers at mailman.egi.eu, sveng at nikhef.nl, 
egi-igtf-liaison at nikhef.nl, dennisvd at nikhef.nl
CC: LCG QWG <quattor-grid at lists.sourceforge.net>

Hi all,

The IGTF is about to release an update to the trust anchor repository (1.62)
containing the following changes:

Changes from 1.61 to 1.62
-------------------------
(23 February 2015)

* Added Root CA 2 for NIIF (HU)
* Extended life time for pkIRISGrid CA (ES)
* Updated DigiCert root CA meta-data in preparation for TCS (US)
* Included GEANT TCS CA G3 trust anchors (EU)
* Temporarily suspended HIAST/74c6eaeb for operational reasons (SY)
* Discontinued ULAGrid-CA-2008 CA (VE)
* Discontinued NCHC CA (TW)

The accompanying EGI 1.62 release with these changes has been submitted
to RT as 7719:

   https://rt.egi.eu/rt/Ticket/Display.html?id=8217

This release includes two CAs where the issuer name, but not the
end-user names, change. To make this change transparent, VOMS and VOMS-Admin
operators are kindly but urgently requested to review their installation:

   - on the VOMS core Attribute Authority service, configure the 
"-skipcacheck"
     flag on start-up. In YAIM this is done by setting "VOMS_SKIP_CA_CHECK"
     to true. See 
https://wiki.italiangrid.it/twiki/bin/view/VOMS/VOMSYAIMGuide
   - update VOMS-Admin to version >= 3.3.2, and set 
"voms.skip_ca_check=True"
     in the service properties. For more info, read the release notes at
 
http://italiangrid.github.io/voms/release-notes/voms-admin-server/3.3.2/

If configured in this way, the updated to NIIF and TCS are fully
transparent to end-users.

For those *end-users* that actively use the TCS service
(SE,FI,DK,IL,NL,IT,IE,CZ): they should ensure that the organisation name
will also remain the same in order for this change to be transparent - OR
if this cannot be done they will need to roll over their VOMS membership
before June 1st.
More information about this change will be distributed through the GEANT
TCS members (NREN) and subscriber lists.

The IGTF upstream changes and the full 1.62 changelog from the IGTF is at
 
https://dist.eugridpma.info/distribution/tests/PMA-PRIVATE-PREVIEW/releases/1.62

Please hold off announcing the EGI specific release until the IGTF
has done the announcement as well (due Mon next week, the 23rd of February).

	Cheers,
	DavidG.

-- 
David Groep

** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
_______________________________________________
Noc-managers mailing list
Noc-managers at mailman.egi.eu
https://mailman.egi.eu/mailman/listinfo/noc-managers

-- 
A.Kryukov, PhD
Head of laboratory, SINP MSU
Phone: +7 495 939-3156

More information about the RU-NGI mailing list