[2365] in Enterprise Print Delivery Team
Re: Pillage Certificate
daemon@ATHENA.MIT.EDU (Peter B. Kelley)
Mon Mar 4 08:30:49 2002
Message-Id: <4.3.2.7.2.20020304082801.00ba4828@hesiod>
Date: Mon, 04 Mar 2002 08:33:40 -0500
To: "Rocklyn E. Clarke" <rclarke@MIT.EDU>
From: "Peter B. Kelley" <kelley@MIT.EDU>
Cc: IPM-SYS <IPM-SYS@MITVMA.MIT.EDU>, IPM-CM List <IPM-CM@MIT.EDU>,
<PRINTDEL@MIT.EDU>
In-Reply-To: <p05010401b8a708371166@[192.168.1.101]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
to all...
Since the Apache distribution wasn't a 'standard' distribution, a link that
is normally present was not, which resulted in the automatic SSL
certificate date checking routine to not gracefully report on an imminent
expiration.
The missing link has been created, and the certificate checking code has
been modified to avoid similar situations in the future.
--Pete
At 05:57 PM 3/2/2002 -0500, Rocklyn E. Clarke wrote:
>Hello,
>
>Below you will find the email that Jody sent announcing that she had
>set up Apache (including certificates) on Pillage and Plunder).
>Notice that it was sent a little over a year ago on February 28. My
>guess is that Jeff Schiller signed and sent her the certificates on
>February 27, 2001 and that they expired right on time after a year
>had passed. This means that both pillage and plunder will need new
>server certificates. They also need to be on someone's official
>schedule for certificate renewal.
>
>Rocklyn
>
>-------
>--- begin forwarded text
>
>
>X-Comment: mitvma.mit.edu: Mail was sent by fort-point-station.mit.edu
>X-Comment: mitvma.mit.edu: Mail was sent by pacific-carrier-annex.mit.edu
>X-Sender: jhousman@hesiod
>Date: Wed, 28 Feb 2001 15:53:37 -0500
>Reply-To: MIT InfoPrint Manager System Administration
> <IPM-SYS@MITVMA.MIT.EDU>
>Sender: MIT InfoPrint Manager System Administration
> <IPM-SYS@MITVMA.MIT.EDU>
>From: Jody Housman <jhousman@MIT.EDU>
>Subject: pillage/plunder
>To: IPM-SYS@MITVMA.MIT.EDU
>
>Pillage and Plunder now both have MIT's Apache with SSL running.
>Everything is in place, certificates installed, everything has been tested.
> Whew. Thank goodness for Miki who finally figured out how to compile the
>little beast.
>
>Dan, I need to know what you need so that we can get your code moved over
>so that I can disable the IBM version of Apache and test your stuff under
>the new version. Let me know as soon as possible and I will get you set up.
>
>LPRng is on hold. I am having a problem trying to get it to authenticate
>(although I have gotten really good at rejecting ;) Garry very kindly
>created the necessary keytab and provided some instruction, but I still can
>not get it to work. It has been a tough week, but I hope to get back to
>this before Friday.
>
>Also, just FYI. All OS maintenance patches and the IPM patches have been
>installed. I have not yet touched base with Lynne so I am not sure if
>there are any issues with the IPM patch installation yet.
>
>Let me know if there are any questions or concerns.
>
>Thanks,
>
> -- Jody
>
>--- end forwarded text
