guide:Certificates/CA

From Dgiref
Jump to: navigation, search

The directory /etc/grid-security/certificates contains the CA certificates.

Current procedure to install the CAs certificates is the follow:

  1. download the repo file from http://mirror.scc.kit.edu/downloads/yum.repo
  2. to update/install the CAs cleaning yum cache with the command: yum clean cache metadata
  3. install CA rpms with yum

There are some options for CA certificates, consider:

  • to install only the LCG CAs use lcg-CA repository
  • to install more then LCG CAs use EUGridPMA repository

It is not necessary to install CA packages into the CE nodes, while they have already. But to use CAs certificates on another server (e.g. cfengine master host) do:

lcg-CA 

su
wget -O /etc/yum.repos.d/lcg-CA.repo http://svn.rz.uni-karlsruhe.de/svn/dgiref/PROD/repl/root/etc/yum.repos/lcg-CA.repo
yum -y install lcg-CA

EUGridPMA 

su
wget -O /etc/yum.repos.d/eugridpma.repo http://mirror.scc.kit.edu/downloads/yum.repo/eugridpma.repo
yum install ca_policy_igtf-classic ca_policy_igtf-slcs
Retrieved from "http://dgiref.d-grid.de/wiki/guide:Certificates/CA"
Personal tools