• Work Areas
• Applications
• Data Management
• VO
• Middleware
• Security
  • Best Practices
  • IGTF Trust Anchors
  • About Certificates
  • authZ and Mapping
• Support
• Monitoring
• Management

IGTF Distribution Installation/Update

The IGTF  maintains a distribution of Authority Root Certificates and related meta-information.
The SMSCG project requries that the latest available distribution be installed.

Instructions for YUM based installation:

• Make sure nordugrid repo is properly installed in /etc/yum.repo.d
• upgrade IGTF packages:

     # yum upgrade ca_policy_*

Instructions for a manual Installation

• Download the latest official IGTF distribution from the IGTF respository
  export IGTFVER=<VERSION>
  wget --no-check-certificate https://dist.eugridpma.org/distribution/igtf/current/igtf-policy-installation-bundle-$IGTFVER.tar.gz 
  wget --no-check-certificate https://dist.eugridpma.org/distribution/igtf/current/igtf-policy-installation-bundle-$IGTFVER.tar.gz.asc
• Verify the distribution signature
  gpg --verify igtf-policy-installation-bundle-$IGTFVER.tar.gz.asc igtf-policy-installation-bundle-$IGTFVER.tar.gz
  
  

  If the output of the command contains e.g.:

  gpg: Signature made Tue 02 Jun 2009 10:07:18 PM CEST using DSA key ID 3CDBBC71
  gpg: Can't check signature: public key not found
  
  

  Download the required key e.g. (this is just an example):

  gpg --recv-keys 3CDBBC71
  
  

  Repeat the verification command. The output should be similar to the following:

  gpg: Signature made Tue 02 Jun 2009 10:07:18 PM CEST using DSA key ID 3CDBBC71
  gpg: Good signature from "EUGridPMA Distribution Signing Key 3 <info@eugridpma.org>"
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner. Primary key fingerprint: D12E 9228 22BE 64D5 0146  188B C32D 99C8 3CDB BC71
• Install IGTF ditribution
  tar xfz igtf-policy-installation-bundle-$IGTFVER.tar.gz
  cd igtf-policy-installation-bundle-$IGTFVER
  ./configure --with-install="install -m 644" --with-profile=classic --with-profile=slcs
  rm -r /etc/grid-security/certificates
  make install

  NOTE: By default, the distribution is installed in /etc/grid-security/certificates.
  The location can be changed via setting the variable X509_CERT_DIR.
  IMPORTANT: Notice that both the classic AND the slcs profiles are needed