NOTICE: This version of the NSF Unidata web site (archive.unidata.ucar.edu) is no longer being updated.
Current content can be found at unidata.ucar.edu.

To learn about what's going on, see About the Archive Site.

Re: [thredds] expired certificate on thredds.ucar.edu

  • To: "Schumacher, Russ" <Russ.Schumacher@xxxxxxxxxxxxx>, Jennifer Oxelson Ganter <oxelson@xxxxxxxx>, David Robertson <robertson@xxxxxxxxxxxxxxxxxx>
  • Subject: Re: [thredds] expired certificate on thredds.ucar.edu
  • From: "Tyle, Kevin R" <ktyle@xxxxxxxxxx>
  • Date: Mon, 1 Jun 2020 18:06:26 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=albany.edu; dmarc=pass action=none header.from=albany.edu; dkim=pass header.d=albany.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=alSyBuKgYoAHtAaMtrWIgwhyjcNBLn/yzXe8MYiTpfI=; b=oYtNFjbgXOfKPIWx5xpUkHK04Mxbz/fJHa+HcZKk06onKPd27MZpSYQ20uGbqjofc+1HHbZtPgavNz3nbPeFe9ywffpGSqVfiS1Ij/2qVY2F8Ekd6NiL9oMP+t3Aa2btctDERvSffz7Q75caFIminnlofzJjULCuefatPTsT2gcntK+/bwEM0YBV8ZzK/d/zju4EFLcXa/iXuBMEUZfAU2i3DsXWZFhdwzzKclF/wPkEbxs9cCSnkR/C4Nhv14C98AQJCYL4YrhXFfqqmhmst08rSFXVZpdSXzKK2PbEe6OY0viJEKBfvxNAejme0mi8hIeTCI78nkedOq7PX8y0mQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fMQTuvVe1mIqEpfacXOEMl8aNKoZaATY15gfDh08eUz563E/OkY4kaL+3LR1Z7o4YkD232/9wvq8JtB07bUGoo51vERyKzR7MDE84JHMDxDCdod+BjCJ/SlSL0JcA/EYYkNRLZ0tQaStIN+uSRStUVdD4ppHtrE6qzSrDmvh1YVKXPzNjRtfnitsOKWjbt5D+3pktDEIIDy/Ez0k/e/PIYA1pqTENEhvEhOLkNgEiqvngTw8xh9+7oRGq5CEUTh1NGD3hmX3A/VCwFNvxQL0ZqdN4gzKcT3xsLywOPtDP+FNhbAY6AdA4X95KN4R4bJ9ftQMIQQSQGoF4TM+ee6N9Q==
  • Authentication-results: colostate.edu; dkim=none (message not signed) header.d=none; colostate.edu; dmarc=none action=none header.from=albany.edu; 
Hi everyone,

For some context, the expired certificate is widely used, thus you may expect 
to encounter similar issues on other SSL-protected services. For more info:

I have also heard reports that client computers may run into issues if they are 
behind on operating system updates (perhaps especially the case with Mac OSX 
versions earlier than Mojave or Catalina).

https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

--Kevin
_____________________________________________
Kevin Tyle, M.S.; Manager of Departmental Computing
NSF XSEDE Campus Champion
Dept. of Atmospheric & Environmental Sciences
University at Albany
Earth Science 228, 1400 Washington Avenue
Albany, NY 12222
Email: ktyle@xxxxxxxxxx<mailto:ktyle@xxxxxxxxxx>
Phone: 518-442-4578
_____________________________________________

From: thredds <thredds-bounces@xxxxxxxxxxxxxxxx> On Behalf Of Schumacher,Russ
Sent: Monday, June 1, 2020 1:33 PM
To: Jennifer Oxelson Ganter <oxelson@xxxxxxxx>; David Robertson 
<robertson@xxxxxxxxxxxxxxxxxx>
Cc: thredds@xxxxxxxxxxxxxxxx
Subject: Re: [thredds] expired certificate on thredds.ucar.edu

Thanks, Jennifer – looks like everything is working again on my end.  Much 
appreciated!

Russ


From: Jennifer Oxelson Ganter <oxelson@xxxxxxxx<mailto:oxelson@xxxxxxxx>>
Date: Monday, June 1, 2020 at 11:31 AM
To: David Robertson 
<robertson@xxxxxxxxxxxxxxxxxx<mailto:robertson@xxxxxxxxxxxxxxxxxx>>
Cc: "Schumacher,Russ" 
<Russ.Schumacher@xxxxxxxxxxxxx<mailto:Russ.Schumacher@xxxxxxxxxxxxx>>, 
"thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>" 
<thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>>
Subject: Re: [thredds] expired certificate on thredds.ucar.edu

Hello all,

Happy Monday.

As Dave mentioned, the issue was caused by the expiration of a secondary path 
to an intermediate cert file which would cause an error in certain clients 
(e.g., wget).

This has been fixed on the 
threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093608719&sdata=8S2ldnTfGmTOXwkdz3YxlQPLittBYCF7VjHuZfvFDGE%3D&reserved=0>,
 
thredds.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthredds.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093618713&sdata=zBstcrJSCNOUCNnyTpwAqH96m8N4wk1DHjZuedi3HfY%3D&reserved=0>,
 
threddsbackup.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsbackup.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093618713&sdata=VPnT0aamxmncisa76H3knqLY1BBYqFk9f47rB2hwhtM%3D&reserved=0>,
 and 
thredds-jumbo.unidata.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthredds-jumbo.unidata.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093618713&sdata=gWFhIT0RI2LIQ6zZMWXDegQcRy9c4NxP6bel9gc3uiE%3D&reserved=0>
 sites.  We are working to resolve it on our other servers.

Please let me know if you have any questions!

Thanks,
Jennifer

On Mon, Jun 1, 2020 at 10:59 AM David Robertson 
<robertson@xxxxxxxxxxxxxxxxxx<mailto:robertson@xxxxxxxxxxxxxxxxxx>> wrote:
Hi Russ,

This is probably aimed more at the admins for the thredds ucar instance.

Same thing happened to some services on our computers (LDAP, SVN, GIT, etc.) 
but browsers seem unaffected. Our solution was to download a new intermediate 
cert package from incommon. We still don’t know what was expired that that has 
fixed all our issues so far.

Dave


From: thredds 
<thredds-bounces@xxxxxxxxxxxxxxxx<mailto:thredds-bounces@xxxxxxxxxxxxxxxx>> on 
behalf of "Schumacher,Russ" 
<Russ.Schumacher@xxxxxxxxxxxxx<mailto:Russ.Schumacher@xxxxxxxxxxxxx>>
Date: Monday, June 1, 2020 at 12:44 PM
To: "thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>" 
<thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>>
Subject: [thredds] expired certificate on 
thredds.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthredds.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093628709&sdata=UUALExnxi3ixetkuogKlT8aIWeJFWLR6ro8hmIfEpRE%3D&reserved=0>

Hi all,

Not sure if this is the right list to use, but I noticed that some of my 
scripts that use wget to pull data from 
threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093628709&sdata=zfPZw%2BHjUyAguQLLi03FvwdzGbU5eoXSttMAFpr1SpE%3D&reserved=0>
 (using NCSS) started throwing errors like this over the weekend (this uses 
threddsrc, but I also got the same error with 
thredds.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthredds.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093638703&sdata=2sZZqRn37puoluefjnxCvOQY1GZEnzt44sWBVAjaUo4%3D&reserved=0>)

--2020-06-01 16:38:58--  
https://threddsrc.ucar.edu/thredds/ncss/grib/NCEP/GFS/Global_0p5deg/GFS_Global_0p5deg_20200601_0000.grib2/GC?var=Temperature_height_above_ground&vertCoord=2.0&latitude=40.5547&longitude=-105.1313&time_start=2020-06-01T00&time_duration=P3D&vertCoord=&accept=csv&point=true<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fthreddsrc.ucar.edu%2Fthredds%2Fncss%2Fgrib%2FNCEP%2FGFS%2FGlobal_0p5deg%2FGFS_Global_0p5deg_20200601_0000.grib2%2FGC%3Fvar%3DTemperature_height_above_ground%26vertCoord%3D2.0%26latitude%3D40.5547%26longitude%3D-105.1313%26time_start%3D2020-06-01T00%26time_duration%3DP3D%26vertCoord%3D%26accept%3Dcsv%26point%3Dtrue&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093638703&sdata=1KLk3rKph1rglmeQ3PiN5HbYlRZtXQvKyU9RCPpzWhU%3D&reserved=0>
Resolving 
threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093648695&sdata=%2BhiQpCOrofpd3%2Fmlh%2BYAogSk8WbH44iprQSp8Fii5f8%3D&reserved=0>
 
(threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093648695&sdata=%2BhiQpCOrofpd3%2Fmlh%2BYAogSk8WbH44iprQSp8Fii5f8%3D&reserved=0>)...
 128.117.12.33
Connecting to 
threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093648695&sdata=%2BhiQpCOrofpd3%2Fmlh%2BYAogSk8WbH44iprQSp8Fii5f8%3D&reserved=0>
 
(threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093658692&sdata=aCgoaZmKAnimcX3%2BCIW2zMjaq22ym6SYegIsB3akK%2BM%3D&reserved=0>)|128.117.12.33|:443...
 connected.
ERROR: The certificate of 
‘threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093658692&sdata=aCgoaZmKAnimcX3%2BCIW2zMjaq22ym6SYegIsB3akK%2BM%3D&reserved=0>’
 is not trusted.
ERROR: The certificate of 
‘threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093668682&sdata=5zPdKWDKPwYzM8JNXT2uiAcbm%2Bjf2D0S3NJTrREuYF4%3D&reserved=0>’
 has expired.

Any suggestions for how to resolve this would be appreciated – thanks much!

Russ




—
Russ S. Schumacher
Director, Colorado Climate Center
Colorado State Climatologist
Associate Professor, Department of Atmospheric Science
Colorado State University
e-mail: russ.schumacher@xxxxxxxxxxxxx<mailto:russ.schumacher@xxxxxxxxxxxxx>
phone: 970.491.8084
web: https://www.atmos.colostate.edu/people/faculty/schumacher/

_______________________________________________
NOTE: All exchanges posted to Unidata maintained email lists are
recorded in the Unidata inquiry tracking system and made publicly
available through the web.  Users who post to any of the lists we
maintain are reminded to remove any personal information that they
do not want to be made public.


thredds mailing list
thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>
For list information or to unsubscribe,  visit: 
https://www.unidata.ucar.edu/mailing_lists/<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.unidata.ucar.edu%2Fmailing_lists%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093668682&sdata=xNzzu%2BqSY0ikLlv5lPajR1S6DMSSekUcwF634EvL5Ak%3D&reserved=0>
  • 2020 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: