Hi everyone,
For some context, the expired certificate is widely used, thus you may expect
to encounter similar issues on other SSL-protected services. For more info:
I have also heard reports that client computers may run into issues if they are
behind on operating system updates (perhaps especially the case with Mac OSX
versions earlier than Mojave or Catalina).
https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
--Kevin
_____________________________________________
Kevin Tyle, M.S.; Manager of Departmental Computing
NSF XSEDE Campus Champion
Dept. of Atmospheric & Environmental Sciences
University at Albany
Earth Science 228, 1400 Washington Avenue
Albany, NY 12222
Email: ktyle@xxxxxxxxxx<mailto:ktyle@xxxxxxxxxx>
Phone: 518-442-4578
_____________________________________________
From: thredds <thredds-bounces@xxxxxxxxxxxxxxxx> On Behalf Of Schumacher,Russ
Sent: Monday, June 1, 2020 1:33 PM
To: Jennifer Oxelson Ganter <oxelson@xxxxxxxx>; David Robertson
<robertson@xxxxxxxxxxxxxxxxxx>
Cc: thredds@xxxxxxxxxxxxxxxx
Subject: Re: [thredds] expired certificate on thredds.ucar.edu
Thanks, Jennifer – looks like everything is working again on my end. Much
appreciated!
Russ
From: Jennifer Oxelson Ganter <oxelson@xxxxxxxx<mailto:oxelson@xxxxxxxx>>
Date: Monday, June 1, 2020 at 11:31 AM
To: David Robertson
<robertson@xxxxxxxxxxxxxxxxxx<mailto:robertson@xxxxxxxxxxxxxxxxxx>>
Cc: "Schumacher,Russ"
<Russ.Schumacher@xxxxxxxxxxxxx<mailto:Russ.Schumacher@xxxxxxxxxxxxx>>,
"thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>"
<thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>>
Subject: Re: [thredds] expired certificate on thredds.ucar.edu
Hello all,
Happy Monday.
As Dave mentioned, the issue was caused by the expiration of a secondary path
to an intermediate cert file which would cause an error in certain clients
(e.g., wget).
This has been fixed on the
threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093608719&sdata=8S2ldnTfGmTOXwkdz3YxlQPLittBYCF7VjHuZfvFDGE%3D&reserved=0>,
thredds.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthredds.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093618713&sdata=zBstcrJSCNOUCNnyTpwAqH96m8N4wk1DHjZuedi3HfY%3D&reserved=0>,
threddsbackup.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsbackup.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093618713&sdata=VPnT0aamxmncisa76H3knqLY1BBYqFk9f47rB2hwhtM%3D&reserved=0>,
and
thredds-jumbo.unidata.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthredds-jumbo.unidata.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093618713&sdata=gWFhIT0RI2LIQ6zZMWXDegQcRy9c4NxP6bel9gc3uiE%3D&reserved=0>
sites. We are working to resolve it on our other servers.
Please let me know if you have any questions!
Thanks,
Jennifer
On Mon, Jun 1, 2020 at 10:59 AM David Robertson
<robertson@xxxxxxxxxxxxxxxxxx<mailto:robertson@xxxxxxxxxxxxxxxxxx>> wrote:
Hi Russ,
This is probably aimed more at the admins for the thredds ucar instance.
Same thing happened to some services on our computers (LDAP, SVN, GIT, etc.)
but browsers seem unaffected. Our solution was to download a new intermediate
cert package from incommon. We still don’t know what was expired that that has
fixed all our issues so far.
Dave
From: thredds
<thredds-bounces@xxxxxxxxxxxxxxxx<mailto:thredds-bounces@xxxxxxxxxxxxxxxx>> on
behalf of "Schumacher,Russ"
<Russ.Schumacher@xxxxxxxxxxxxx<mailto:Russ.Schumacher@xxxxxxxxxxxxx>>
Date: Monday, June 1, 2020 at 12:44 PM
To: "thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>"
<thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>>
Subject: [thredds] expired certificate on
thredds.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthredds.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093628709&sdata=UUALExnxi3ixetkuogKlT8aIWeJFWLR6ro8hmIfEpRE%3D&reserved=0>
Hi all,
Not sure if this is the right list to use, but I noticed that some of my
scripts that use wget to pull data from
threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093628709&sdata=zfPZw%2BHjUyAguQLLi03FvwdzGbU5eoXSttMAFpr1SpE%3D&reserved=0>
(using NCSS) started throwing errors like this over the weekend (this uses
threddsrc, but I also got the same error with
thredds.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthredds.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093638703&sdata=2sZZqRn37puoluefjnxCvOQY1GZEnzt44sWBVAjaUo4%3D&reserved=0>)
--2020-06-01 16:38:58--
https://threddsrc.ucar.edu/thredds/ncss/grib/NCEP/GFS/Global_0p5deg/GFS_Global_0p5deg_20200601_0000.grib2/GC?var=Temperature_height_above_ground&vertCoord=2.0&latitude=40.5547&longitude=-105.1313&time_start=2020-06-01T00&time_duration=P3D&vertCoord=&accept=csv&point=true<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fthreddsrc.ucar.edu%2Fthredds%2Fncss%2Fgrib%2FNCEP%2FGFS%2FGlobal_0p5deg%2FGFS_Global_0p5deg_20200601_0000.grib2%2FGC%3Fvar%3DTemperature_height_above_ground%26vertCoord%3D2.0%26latitude%3D40.5547%26longitude%3D-105.1313%26time_start%3D2020-06-01T00%26time_duration%3DP3D%26vertCoord%3D%26accept%3Dcsv%26point%3Dtrue&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093638703&sdata=1KLk3rKph1rglmeQ3PiN5HbYlRZtXQvKyU9RCPpzWhU%3D&reserved=0>
Resolving
threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093648695&sdata=%2BhiQpCOrofpd3%2Fmlh%2BYAogSk8WbH44iprQSp8Fii5f8%3D&reserved=0>
(threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093648695&sdata=%2BhiQpCOrofpd3%2Fmlh%2BYAogSk8WbH44iprQSp8Fii5f8%3D&reserved=0>)...
128.117.12.33
Connecting to
threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093648695&sdata=%2BhiQpCOrofpd3%2Fmlh%2BYAogSk8WbH44iprQSp8Fii5f8%3D&reserved=0>
(threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093658692&sdata=aCgoaZmKAnimcX3%2BCIW2zMjaq22ym6SYegIsB3akK%2BM%3D&reserved=0>)|128.117.12.33|:443...
connected.
ERROR: The certificate of
‘threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093658692&sdata=aCgoaZmKAnimcX3%2BCIW2zMjaq22ym6SYegIsB3akK%2BM%3D&reserved=0>’
is not trusted.
ERROR: The certificate of
‘threddsrc.ucar.edu<https://nam01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fthreddsrc.ucar.edu%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093668682&sdata=5zPdKWDKPwYzM8JNXT2uiAcbm%2Bjf2D0S3NJTrREuYF4%3D&reserved=0>’
has expired.
Any suggestions for how to resolve this would be appreciated – thanks much!
Russ
—
Russ S. Schumacher
Director, Colorado Climate Center
Colorado State Climatologist
Associate Professor, Department of Atmospheric Science
Colorado State University
e-mail: russ.schumacher@xxxxxxxxxxxxx<mailto:russ.schumacher@xxxxxxxxxxxxx>
phone: 970.491.8084
web: https://www.atmos.colostate.edu/people/faculty/schumacher/
_______________________________________________
NOTE: All exchanges posted to Unidata maintained email lists are
recorded in the Unidata inquiry tracking system and made publicly
available through the web. Users who post to any of the lists we
maintain are reminded to remove any personal information that they
do not want to be made public.
thredds mailing list
thredds@xxxxxxxxxxxxxxxx<mailto:thredds@xxxxxxxxxxxxxxxx>
For list information or to unsubscribe, visit:
https://www.unidata.ucar.edu/mailing_lists/<https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.unidata.ucar.edu%2Fmailing_lists%2F&data=02%7C01%7CRuss.Schumacher%40colostate.edu%7C959249d8876d45666ad808d80651a990%7Cafb58802ff7a4bb1ab21367ff2ecfc8b%7C0%7C0%7C637266295093668682&sdata=xNzzu%2BqSY0ikLlv5lPajR1S6DMSSekUcwF634EvL5Ak%3D&reserved=0>