CA and CRLs
Last updated: January 2nd, 2007
- Note: we use the directory :/home/fvlingen/tmp/newest in this note.
- Go to: http://www.eugridpma.org/distribution/igtf/current/
- Go to the "accredited" directory and download the latest tar file (igtf-policy...).
- Untar it.
- make a directory called "certificates"
- cd to this untarred directory.
- Give the following command: ./configure --with-profile=classic --with-profile=slcs --prefix=/home/fvlingen/tmp/newest/certificates
- Do a make install
- cd one directory up.
- Go to: http://www.eugridpma.org/distribution/util/fetch-crl/
- wget the latest tar file version.
- Untar it.
- cd to the untarred directory.
- Edit the fetch-crl.sysconfig file and point the CRLDIR to the directory to which you downloaded the certificates.
- Give the following command: make install PREFIX=/home/fvlingen/tmp/newest/fetch-crl This installs a fetch-crl script.
- cd to the directory where you downloaded your certificates.
- Give the following command: /home/fvlingen/tmp/newest/fetch-crl/sbin/fetch-crl . The script will use the certificates in the directory and fetch the appropiate crls (try fetch-crl --help for more options).
- Its left as an exercise to the reader to automate this using cron scripts and downloading the crls and CAs to the proper default dirs (e.g. /etc/grid-certificates)