== Certificate authorities ==
To enable mutual authentication and secure communication between the QCG clients and the service, a set of trusted CA certificates must be either copied into the /etc/grid-security/certificates directory or configured individually for every user.

=== EGI IGTF CAs ===
Install the EGI accepted CA certificates (this also installs the Polish Grid CA).
 * Add the appropriate YUM repository
{{{
#!div style="font-size: 90%"
{{{#!sh
cat > /etc/yum.repos.d/egi-trustanchors.repo << EOF
[EGI-trustanchors]
name=EGI-trustanchors
baseurl=http://repository.egi.eu/sw/production/cas/1/current/
gpgkey=http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
gpgcheck=1
enabled=1
EOF
}}}
}}}
 * Install the certificates
{{{
#!div style="font-size: 90%"
{{{#!sh
yum install ca-policy-egi-core
}}}
}}}
The instructions above are based on this [https://wiki.egi.eu/wiki/EGI_IGTF_Release manual].

=== PL-Grid Simple-CA certificate (PL-Grid only) ===
 * Add the appropriate YUM repository
{{{
#!div style="font-size: 90%"
{{{#!sh
rpm -Uvh http://software.plgrid.pl/packages/repos/plgrid-repos-2010-2.noarch.rpm
}}}
}}}
 * Install the certificates
{{{
#!div style="font-size: 90%"
{{{#!sh
yum install ca_PLGRID-SimpleCA
}}}
}}}

=== Certificate Revocation List - CRL ===
Configure the system to periodically update the information about revoked certificates.
 * Add the appropriate YUM repository
{{{
#!div style="font-size: 90%"
{{{#!sh
cat > /etc/yum.repos.d/fetch-crl.repo << EOF
[EUGRIDPMA-fetch-crl]
name=EUGRIDPMA fetch-crl repository
baseurl=https://dist.eugridpma.info/distribution/util/fetch-crl3/
enabled=1
metadata_expire=300
gpgcheck=0
EOF
}}}
}}}
 * Install the certificate revocation list fetching utility
{{{
#!div style="font-size: 90%"
{{{#!sh
yum install fetch-crl
}}}
}}}
 * Get fresh CRLs now
{{{
#!div style="font-size: 90%"
{{{#!sh
/usr/sbin/fetch-crl -v
}}}
}}}
 * Enable the cron job for fetching CRLs
{{{
/etc/init.d/fetch-crl-cron start
chkconfig fetch-crl-cron on
}}}
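
The packages installed above become trust anchors for the whole host, so it is worth checking how the repositories that deliver them are verified. The following is an added example, not part of the original instructions: a shell function that audits yum repository definitions such as the two created above and reports stanzas that disable signature checking or use plain http. The function name `audit_repos` and its output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit yum .repo files for weak package-verification settings.
# audit_repos and its output format are hypothetical, not part of yum or QCG.
#
# Usage: audit_repos [DIR]   (default: /etc/yum.repos.d)
# Prints one line per finding: FILE [SECTION] MESSAGE
# Returns 0 when nothing is flagged, 1 when at least one finding is printed.
audit_repos() {
    dir=${1:-/etc/yum.repos.d}
    found=0
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        out=$(awk -v file="$f" '
            function report(msg) { printf "%s [%s] %s\n", file, section, msg }
            function check() {
                if (section == "" || section == "main" || enabled == "0") return
                # An unset gpgcheck inherits the [main] value from yum.conf,
                # so it is reported separately from an explicit 0.
                if (gpgcheck == "0") report("gpgcheck=0: packages installed without signature verification")
                else if (gpgcheck == "") report("gpgcheck not set: inherits [main] value from yum.conf")
                if (baseurl ~ /^http:/) report("baseurl uses plain http")
                if (gpgkey ~ /^http:/) report("gpgkey fetched over plain http")
            }
            /^[ \t]*[#;]/ { next }                      # skip comment lines
            /^[ \t]*\[.*\][ \t]*$/ {                    # new [section] starts
                check()
                section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
                gpgcheck = ""; baseurl = ""; gpgkey = ""; enabled = "1"
                next
            }
            /=/ {                                       # key=value line
                key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
                if (key == "gpgcheck") gpgcheck = val
                else if (key == "baseurl") baseurl = val
                else if (key == "gpgkey") gpgkey = val
                else if (key == "enabled") enabled = val
            }
            END { check() }
        ' "$f")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            found=1
        fi
    done
    return "$found"
}
```

Run `audit_repos` with no argument to check /etc/yum.repos.d; a non-zero exit status means at least one stanza was flagged.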