Version 5 (modified by mmamonski, 9 years ago)

Certificate authorities

To enable mutual authentication and secure communication between the QCG clients and the service, a set of trusted CA certificates must be either copied into the /etc/grid-security/certificates directory or configured individually for every user.

EGI IGTF CAs

Install the EGI Accepted CA certificates (this also installs the Polish Grid CA).

  • Add appropriate YUM repository
    cat > /etc/yum.repos.d/egi-trustanchors.repo << EOF
    [EGI-trustanchors]
    name=EGI-trustanchors
    baseurl=http://repository.egi.eu/sw/production/cas/1/current/
    gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
    gpgcheck=1
    enabled=1
    EOF
    
  • Install certificates
    yum install ca-policy-egi-core
    

The above instructions are based on this manual.

PL-Grid Simple-CA certificate (PL-Grid only)

  • Add appropriate YUM repository
    rpm -Uvh http://software.plgrid.pl/packages/repos/plgrid-repos-2010-2.noarch.rpm
    
  • Install certificates
    yum install ca_PLGRID-SimpleCA
    

Certificate Revocation List - CRL

Configure the system to periodically update the information about revoked certificates.

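  • Add appropriate YUM repository (note that gpgcheck=0 in this definition means packages from this repository are installed without signature verification)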
    cat > /etc/yum.repos.d/fetch-crl.repo << EOF
    [EUGRIDPMA-fetch-crl]
    name=EUGRIDPMA fetch-crl repository
    baseurl=https://dist.eugridpma.info/distribution/util/fetch-crl3/
    enabled=1
    metadata_expire=300
    gpgcheck=0
    EOF
    
  • Install certificate revocation list fetching utility
    yum install fetch-crl
    
  • Get fresh CRLs now
    /usr/sbin/fetch-crl -v
    
  • Enable cron job for fetching CRLs
    /etc/init.d/fetch-crl-cron start
    chkconfig fetch-crl-cron on
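
To confirm that the cron job is keeping revocation data current, the following check reports CRLs in the trust-anchor directory whose nextUpdate time has passed or is close. It is an added example, not part of the original instructions; the function names and the one-day warning window are hypothetical, and it assumes GNU date, the openssl CLI, and CRL files named *.r0 in the certificates directory.

```shell
# Added example: flag stale CRLs among the installed trust anchors.
# Assumptions: GNU date, openssl CLI, CRLs stored as <hash>.r0 files.
# Usage: check_crls /etc/grid-security/certificates

# crl_state NEXTUPDATE NOW_EPOCH [WARN_SECONDS]
# NEXTUPDATE is the text after "nextUpdate=" printed by `openssl crl -nextupdate`.
# Prints one of: ok | expiring | expired | unparseable
crl_state() {
    local next_epoch now="$2" warn="${3:-86400}"
    # An empty string would be read by date as "today", so reject it explicitly.
    [ -n "$1" ] || { echo unparseable; return 0; }
    next_epoch=$(date -u -d "$1" +%s 2>/dev/null) || { echo unparseable; return 0; }
    if [ "$next_epoch" -le "$now" ]; then
        echo expired
    elif [ $((next_epoch - now)) -le "$warn" ]; then
        echo expiring
    else
        echo ok
    fi
}

# check_crls DIR
# Prints "<state> <file>" per CRL; returns 1 if any CRL is not ok
# or if the directory holds no CRLs at all (fetch-crl never ran or failed).
check_crls() {
    local dir="$1" now rc=0 found=0 f next state
    now=$(date -u +%s)
    for f in "$dir"/*.r0; do
        [ -e "$f" ] || continue          # glob matched nothing
        found=1
        next=$(openssl crl -in "$f" -noout -nextupdate 2>/dev/null | cut -d= -f2)
        state=$(crl_state "$next" "$now")
        echo "$state $f"
        [ "$state" = ok ] || rc=1
    done
    [ "$found" -eq 1 ] || { echo "no-crls $dir"; rc=1; }
    return "$rc"
}
```

A non-zero return from check_crls is suitable for a monitoring probe: an expired CRL typically means fetch-crl is failing or the cron job is not running.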