Hmm... I only see successful updates in the log. Can you tell me the time/date of the event in the dashboard? Can you maybe provide an errors.log from data point of time as well?
Yes that´s what I realised yesterday, there is no failed update in the log and neither today but the warning is still displayed.
Yesterday´s warning date is 23-Feb 2012 03:38:03
Which error.log do you need? Where can I find it?
Is there any problem if I delete manually all the expired CAs? I´ve seen several expired CAs
if a CA is expired you can remove it.
The CA update error should be in the mwg-core*.log. If you have SSH access you can simply run
egrep CannotLoadCRL /opt/mwg/log/mwg-errors/mwg-core*
That should give a list of CA load issues.
Thanks Andre, here it is:
[root@HZKWSG-EJ00 ~]# egrep CannotLoadCRL /opt/mwg/log/mwg-errors/mwg-core*
/opt/mwg/log/mwg-errors/mwg-core.errors.log:[2012-02-24 03:37:53.696 +01:00] [CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL for CA with digest 'd29f6c98befc6d986521543ee8be56cebc288cf3' ('error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag')
it is the CA called "TC TrustCenter for Security in Data Networks GmbH", expired in July 2011. You can remove the CA or the CRL link, this should stop the message from appearing.
Thanks very much Andre!!!!!
Would you be so kind as to provide me with the CA that is giving me this error?
[CertificateFilterPlugin] [CannotLoadCRL] Cannot load CRL for CA with digest '24ba6d6c8a5b5837a48db5fae919ea675c94d217' ('error:0D0680A8:asn1 encoding ro utines:ASN1_CHECK_TLEN:wrong tag')
Thank you for your assistance,
IPS Seguridad CA - IPS SERVIDORES
It is expired since Dec 29 23:21:07 2009 GMT.
Let me know if you were able to find it.
Thank you for the quick reply. I have found the CA. Is it strange that the error only started to appear on 4 April since it expired in 2009?
I assume the server hosting the CRL list was still up and running. Probably they have shutdown this system now :-)