CURRENT (as of October 17, 2007) TERAGRID APPROVED CAs: DOE SCIENCE GRID: ----------------- [Updated signing certificates (validity dates extended) & signing_policies for DOEGrids and ESnet, and crl_url for ESnet, Nov 3, 2006] 1c3f2ca8.0 /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1 1c3f2ca8.crl_url http://pki1.doegrids.org/CRL/doegrids.crl 1c3f2ca8.signing_policy d1b603c3.0 /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1 d1b603c3.crl_url http://www.es.net/CA/d1b603c3/d1b603c3.r0 d1b603c3.signing_policy IRISGrid (Spain): ----------------- 9dd23746.0 DC=es, DC=irisgrid, CN=IRISGridCA 9dd23746.crl_url http://www.irisgrid.es/pki/crl/cacrl.pem 9dd23746.signing_policy NCSA: ----- [ EXPIRING Jun. 18, 2009 (cab) ] 4a6cd8b1.0 /C=US/O=National Center for Supercomputing Applications/CN=Certification Authority 4a6cd8b1.crl_url http://ca.ncsa.uiuc.edu/4a6cd8b1.r0 4a6cd8b1.signing_policy 9b95bbf2.0 C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=CACL http://ca.ncsa.uiuc.edu/9b95bbf2.r0 9b95bbf2.signing_policy f2e89fe3.0 C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=MyProxy f2e89fe3.signing_policy PITTSBURGH SUPERCOMPUTING CENTER: --------------------------------- [NEW PSC CA certificates August 17, 2006] 9b88e95b.0 subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA 9b88e95b.crl_url http://www.psc.edu/ca/crl/9b88e95b.r0 9b88e95b.signing_policy acc06fda.0 subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA acc06fda.crl_url http://www.psc.edu/ca/crl/acc06fda.r0 acc06fda.signing_policy 290a3b29.0 subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Kerberos CA 1 290a3b29.signing_policy Purdue University: ------------------ 67e8acfa.0 /CN=Purdue TeraGrid RA/OU=Purdue TeraGrid/O=Purdue University/ST=Indiana/C=US 67e8acfa.crl_url http://tg-ca.purdue.teragrid.org:8080/67e8acfa.r0 67e8acfa.signing_policy 95009ddc.0 /CN=PurdueCA/O=Purdue University/ST=Indiana/C=US 95009ddc.crl_url http://tg-ca.purdue.teragrid.org:8080/95009ddc.r0 95009ddc.signing_policy SDSC: ----- 3deda549.0 /C=US/O=SDSC/OU=SDSC-CA/CN=Certificate Authority/UID=certman 3deda549.crl_url http://www.sdsc.edu/CA/3deda549.r0 3deda549.signing_policy b89793e4.0 /C=US/O=NPACI/OU=SDSC/CN=Certificate Manager/UID=certman b89793e4.crl_url http://www.npaci.edu/CA/b89793e4.r0 b89793e4.signing_policy TACC: ----- [ New TACC CA currently under review - added now to permit testing ] 9a1da9f9.0 /C=US/O=UTAustin/OU=TACC/CN=TACC Certification Authority/UID=caman 9a1da9f9.crl_url http://www.tacc.utexas.edu/CA/CRL 9a1da9f9.signing_policy UK E-Science CA: ---------------- [ Replacement UK eScience certificates, May 2008 (mccreary) ] Retrieved from ca_UKeScienceRoot-2007-1.21.tar.gz ca_UKeScienceCA-2007-1.21.tar.gz ca_UKeScienceRoot-1.21.tar.gz ca_UKeScienceCA-1.21.tar.gz on 22May08. Web server presented certificate w/ subject: CN = dist.eugridpma.info O = NIKHEF OU = PDP Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5 from authority: CN = Cybertrust Educational CA O = Cybertrust OU = Educational CA Valid from 21Feb07 until 21Feb2010 Fingerprints: SHA1 7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24 MD5 5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D Updated: 367b75c3.0 367b75c3.signing_policy 98ef0ee5.0 98ef0ee5.signing_policy *.crl_url files left unchanged, only difference is .pem extension 1c1 < http://ca.grid-support.ac.uk/pub/crl/ca-crl.der --- > http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem Also verifiedi: adcbc9ef.0 adcbc9ef.signing_policy 8175c1cd.0 8175c1cd.signing_policy Note that *crl_url for these certs also differs in the extension 1c1 < http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.crl --- > http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem [ New UK eScience CAs November 2007 (cab) ] 367b75c3.0 subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 367b75c3.crl_url= http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem 367b75c3.signing_policy 98ef0ee5.0 subject= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root 98ef0ee5.crl_url= http://ca.grid-support.ac.uk/pub/crl/root-crl.pem 98ef0ee5.signing_policy [ New UK eScience CAs August 2006 ] [ As of Nov. 27, 2007 No new certificates will be issued by this CA (cab) ] [ Updated the CRL URL location to point to an unpublished PEM file (cab) ] 8175c1cd.0 subject= /C=UK/O=eScienceRoot/OU=Authority/L=Root/CN=CA 8175c1cd.crl_url http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem 8175c1cd.signing_policy adcbc9ef.0 subject= /C=UK/O=eScienceCA/OU=Authority/CN=CA adcbc9ef.crl_url http://ca.grid-support.ac.uk/pub/crl/escience-ca-crl.pem adcbc9ef.signing_policy [ UDATED Oct. 16 2007 - updated expired certificate URL (jam) ] [ REMOVED Oct. 1 2007 - purged expired certificat (cab) ] [ EXPIRING Aug 4 10:36:41 2007 GMT - no new certificates to be issued after Aug 2006 ] [ previously approved for limited use until 12/31/2003; re-added for Reality-Grid users under Bruce Boghosian (Tufts) TeraGrid project 08/18/2004 - dsimmel ] 01621954.0 /C=UK/O=eScience/OU=Authority/CN=CA/emailAddress=ca-operator@grid-support.ac.uk 01621954.crl_url http://ca.grid-support.ac.uk/cgi-bin/importCRL.pem 01621954.signing_policy University of Southern California (USC) CA & KCA: ------------------------------------------------- [ added March 2005 to facilitate SCEC project users ] 2ca73e82.0 /C=US/ST=California/L=Los Angeles/O=University of Southern California/CN=University of Southern California PKI-Lite CA, release 1/emailAddress=nmiadmin@usc.edu 2ca73e82.crl_url http://www.usc.edu/isd/services/authx/CA/2ca73e82.r0 2ca73e82.signing_policy [ USC Kerberos Certification Authority only issues short term certs for proxy use and has no Certificate Revocation List ] [ USC KCA v2 service certificate fa9c3452.0 expired March 2, 2006 - the new v3 appears below ] [ USC KCA v3 service certificate b57985f0.0 expired again on March 2, 2006, removed from the tarball, WJL] b57985f0.0 /C=US/ST=California/L=Los Angeles/O=University of Southern California/OU=Information Services Division/CN=University of Southern California KCA v3/emailAddress=nmiadmin@usc.edu b57985f0.signing_policy INFN (Italy) CA: --------------- [ added March 2006 in preparation for user demo at GGF17 Tokyo May 2006 ] [ removed as it expired Sept. 18, 2007 ] 49f18420.0 /C=IT/O=INFN/CN=INFN Certification Authority 49f18420.crl_url http://security.fi.infn.it/CA/crl.pem 49f18420.signing_policy [ added on Oct. 1, 2007 to reflect the issuing of a new CA (cab) ] [ Renamed the CRL URL to reflect an upublished PEM encoded file (cab) ] 2f3fadf6.0 /C=IT/O=INFN/CN=INFN CA http://security.fi.infn.it/CA/INFNCA_crl.pem 2f3fadf6.signing_policy Dutch Grid and NIKHEF CA: ------------------------ [ added March 2006 in preparation for user demo at GGF17 Tokyo May 2006 ] 16da7552.0 /C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth 16da7552.crl_url http://ca.dutchgrid.nl/medium/cacrl.pem 16da7552.signing_policy AIST (Japan) CA: --------------- [ added March 2006 for GridRPC Materials Science production runs ] a317c467.0 /C=JP/O=AIST/OU=GRID/CN=Certificate Authority a317c467.crl_url https://www.apgrid.org/CA/AIST/Production/a317c467.r0 a317c467.signing_policy