Tuesday, November 3, 2015

Announcing OSG Software versions 3.2.29 and 3.3.3


We are pleased to announce OSG Software versions 3.2.29 and 3.3.3.

The only updates in this special release are the CA certificates
based on IGTF 1.69 including the CILogon OSG CA.



WHAT IS CHANGING

A new IGTF Certificate Bundle (v1.69) has just been released.
This release has a very important change and we would like our
sites to install it as soon as they can.



WHO IS IMPACTED BY THIS CHANGE:

All OSG sites and users need to install the new CA bundle.
Especially US-Atlas and US-CMS sites should install the bundle
as soon as possible since their VOs will go under the transition
in November/December timeframe.



WHY THIS CHANGE IS HAPPENING:

The OSG CA is changing its backend service support from Digicert
to CILogon HSM. As a result, a new OSG CA is created and just
recently been accredited by IGTF. The official name of the new
OSG CA in the IGTF bundle is CILogon OSG CA. Starting in November
we will transition our VOs to start using the new OSG CA (CMS and
Atlas being first ones). If a site has not installed the CA bundle
by then, they will have authentication failures.



WHAT YOU SHOULD DO:

Install the new CA bundle as soon as possible. The latest CA bundle
will NOT be distributed in OSG Software v 3.1 because OSG no longer
supports it.

For Linux servers (including worker nodes), ensure that the
certificate bundle RPM is at version osg-ca-certs-1.50-1 or
igtf-ca-certs-1.69-1 or greater.

Instructions for installing server CA certificate bundles are at
https://twiki.grid.iu.edu/bin/view/Documentation/Release3/InstallCertAuth

We also highly recommend that you use the CA Cert automatic updater
https://twiki.grid.iu.edu/bin/view/Documentation/Release3/OsgCaCertsUpdater
but note that you need to be using a current OSG software distribution
for that to work, that is, OSG 3.2 or 3.3.



OTHER INFORMATION:

If you have the CA certificate bundle installed on a server with OSG 3.1,
you need to upgrade to OSG 3.2 or greater. Follow these instructions:
https://twiki.grid.iu.edu/bin/view/Documentation/Release3/OSGReleaseSeries#Updating_from_OSG_3_1_or_3_2_to

Please email OSG Security Team with questions or comments

Both OSG 3.2.28 and 3.3.2 contain:
   * CA certificates based on IGTF 1.69 including the OSG CILogon CA

Release notes and pointers to more documentation can be found at:

https://www.opensciencegrid.org/bin/view/Documentation/Release3/Release3229
https://www.opensciencegrid.org/bin/view/Documentation/Release3/Release333

Need help? Let us know:

https://www.opensciencegrid.org/bin/view/Documentation/Release3/HelpProcedure

We welcome feedback on this release!