[Go-essp-tech] wget download certificate timeouts

philip.kershaw at stfc.ac.uk philip.kershaw at stfc.ac.uk
Mon Jul 18 07:07:01 MDT 2011 

That's right – set this in the server config:

max_cert_lifetime 72

The MyProxyLogon webstart is more of a concern.  Can it request the max 72 hours out of the box or does it need modification?

Cheers,
Phil

From: <stephen.pascoe at stfc.ac.uk<mailto:stephen.pascoe at stfc.ac.uk>>
Date: Mon, 18 Jul 2011 12:56:45 +0000
To: <Luca.Cinquini at jpl.nasa.gov<mailto:Luca.Cinquini at jpl.nasa.gov>>
Cc: <go-essp-tech at ucar.edu<mailto:go-essp-tech at ucar.edu>>
Subject: Re: [Go-essp-tech] wget download certificate timeouts

It's Phil's field but just from digging into our deployment I see we've changed the "max_proxy_lifetime" option in myproxy-server.config (in GLOBUS_HOME/etc)

Cheers,
Stephen.


---
Stephen Pascoe  +44 (0)1235 445980
Centre of Environmental Data Archival
STFC Rutherford Appleton Laboratory, Harwell Oxford, Didcot OX11 0QX, UK

From: Cinquini, Luca (3880) [mailto:Luca.Cinquini at jpl.nasa.gov]
Sent: 18 July 2011 13:50
To: Pascoe, Stephen (STFC,RAL,RALSP)
Cc: strandwg at ucar.edu<mailto:strandwg at ucar.edu>; go-essp-tech at ucar.edu<mailto:go-essp-tech at ucar.edu>
Subject: Re: [Go-essp-tech] wget download certificate timeouts

Hi Stephen,
            can you please remind me of how to change the MyProxy maximum lifetime on the server side ? I think Neill sent instructions but I can't find them any more...
thanks, Luca

On Jul 18, 2011, at 3:55 AM, <stephen.pascoe at stfc.ac.uk<mailto:stephen.pascoe at stfc.ac.uk>> wrote:


Last week Garry raised the problem of myproxy certificate timeouts when downloading data using wget scripts.

We have talked several times about increasing the default and/or maximum certificate lifetime for certificates issued by out myproxy servers.  I recall we agreed to increase the maximum lifetime to 72 hours.  This has been the case at the CEDA myproxy service for a few weeks now.  I have tested PCMDI's service and it only issues certificates for 1 day.

Garry, if you have a CEDA OpenID you can get a 72 hour certificate if you use the myproxy-logon [1] or myproxyclient [2] tools by adding "-t 72" to your command.  I'm not sure whether the most recent java webstart app allows you to set this.  I hope PCMDI and other centres will deploy the 72 hour maximum lifetime soon.  Would this meet your requirements?

[1] http://www.globus.org/toolkit/
[2] http://pypi.python.org/pypi/MyProxyClient

Cheers,
Stephen


---
Stephen Pascoe  +44 (0)1235 445980
Centre of Environmental Data Archival
STFC Rutherford Appleton Laboratory, Harwell Oxford, Didcot OX11 0QX, UK



--
Scanned by iCritical.

_______________________________________________
GO-ESSP-TECH mailing list
GO-ESSP-TECH at ucar.edu<mailto:GO-ESSP-TECH at ucar.edu>
http://mailman.ucar.edu/mailman/listinfo/go-essp-tech



--
Scanned by iCritical.

_______________________________________________ GO-ESSP-TECH mailing list GO-ESSP-TECH at ucar.edu<mailto:GO-ESSP-TECH at ucar.edu> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
-- 
Scanned by iCritical.

More information about the GO-ESSP-TECH mailing list