http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.0 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.0 b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.0 new file mode 100644 index 0000000..67b0cbe --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.0 @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBuMRMwEQYKCZImiZPyLGQB +GRMDRURVMRYwFAYKCZImiZPyLGQBGRMGVVRFWEFTMRQwEgYKCZImiZPyLGQBGRME +VEFDQzESMBAGA1UEChMJVVQtQVVTVElOMRUwEwYDVQQDEwxUQUNDIFJvb3QgQ0Ew +HhcNMDgxMDAyMDM1NjAyWhcNMTgwOTMwMDM1NjAyWjBuMRMwEQYKCZImiZPyLGQB +GRMDRURVMRYwFAYKCZImiZPyLGQBGRMGVVRFWEFTMRQwEgYKCZImiZPyLGQBGRME +VEFDQzESMBAGA1UEChMJVVQtQVVTVElOMRUwEwYDVQQDEwxUQUNDIFJvb3QgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwlD+7dc8Am/rnd1bvvyW+ +UGlkXb3KxlObgmlx0RdznJvWrxCPz4/nfvk87toUX2L4fxv3/mO3Q6n0UVFc83og +oJlNh8oqNJuVotH6jg+e65XD0z4QSNSgLVAWGV/9TU93PGUALgfXJFng3VbJ/Ljb +o01RbOQjOD7e5VJIx52wlOiyaMQlaV0yZ4C5OxgpKR/X2xMtqbuCGVIieeOBJtzg +cvatyuEIZBSHA/qhX51Rqrfc8MtKeZ/Zu7K4v0RC77bolptsAg36LCRR1T9BcyJx +Gv+yj52m5bPBuJj6ALEx/CkI6fAmkDGLvtIwZJRByrN8BdXYrBme6q0NChJg1pPR +AgMAyfujgcUwgcIwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjXUjaNFVmWzD +ph6G/N/EU+jlU8cwHwYDVR0jBBgwFoAUjXUjaNFVmWzDph6G/N/EU+jlU8cwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdEQQWMBSBEmNhQHRhY2MudXRleGFzLmVkdTBABgNV +HR8EOTA3MDWgM6Axhi9odHRwOi8vd3d3LnRhY2MudXRleGFzLmVkdS9DQS9UQUND +X1Jvb3RfQ1JMLmRlcjANBgkqhkiG9w0BAQUFAAOCAQEAm7B3gK4RiE50ct2cAbhT +dD1BOHXVIIb312ZlqB6IqwM+EFfo4HW82/bDbfPfF8QZMvESuRkFl0mVK5hYPT12 +VWsQC5sX6wz1ps5dgoaJ+lLZbgb3pStnN0lZEAfufMog98GM+DW6YnJaWIYpv2Mv +QbRYInGZAYWHR2GJbUjyKh2u0sJZOHJjffDL4NCUsA2thaKDcE0CG8bjwikYEVHX +j6GTY5rLsKW2NfJ8VU40dPEGjtWMOsC0HFoy27Nj5Gi2j6WpRD49EKN7+pg6Dy2I +Em9R60Sl6WhKgo//3+mg8/mZqsqCQSq5BNa7M5ltyx1RgFPoRhKlTDXLDzxVEFNk +Cg== +-----END CERTIFICATE-----
http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.crl_url ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.crl_url b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.crl_url new file mode 100644 index 0000000..7de3543 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.crl_url @@ -0,0 +1 @@ +http://www.tacc.utexas.edu/CA/684261aa.r0 http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.signing_policy ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.signing_policy b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.signing_policy new file mode 100644 index 0000000..be5bf7c --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.signing_policy @@ -0,0 +1,5 @@ +# TACC Root CA Signing Policy +access_id_CA X509 '/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Root CA' +pos_rights globus CA:sign +cond_subjects globus '"/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Classic CA" "/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC MICS CA"' + http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.tacc.cadesc ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.tacc.cadesc b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.tacc.cadesc new file mode 100644 index 0000000..d761e0f --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.tacc.cadesc @@ -0,0 +1,18 @@ +# $Id: 684261aa.tacc.cadesc,v 1.1 2010/06/29 10:20:34 marg Exp $ + +CA_NAME TACC Root Certification Authority +HOMEPAGE http://www.tacc.utexas.edu/CA/ +CONTACT [email protected] +HASH 684261aa +# SIGNED_BY self +SUBJECT /DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Root CA +MAY_SIGN /DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Classic CA +MAY_SIGN /DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC MICS CA +CERTIFICATE_MD5 01:46:1D:D5:80:60:5A:4B:CB:B3:61:AA:A1:3D:6C:42 +CERTIFICATE_SHA1 15:2D:FC:BA:13:11:2C:F5:65:53:AC:94:5F:89:2C:B0:E5:F6:BA:A8 +CERTIFICATE_URL http://www.tacc.utexas.edu/CA/684261aa.0 +SIGNING_POLICY_URL http://www.tacc.utexas.edu/CA/684261aa.signing_policy +# CERT_BEGINS Thu 2008-10-02 03:56:02 UTC +CERT_EXPIRES Mon 2018-09-30 03:56:02 UTC +CRL_URL http://www.tacc.utexas.edu/CA/684261aa.r0 + http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.tacc.cadesc.sig ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.tacc.cadesc.sig b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.tacc.cadesc.sig new file mode 100644 index 0000000..d6009dd --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/684261aa.tacc.cadesc.sig @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- +Version: 9.10.0.500 + +iQEVAwUATCotdbY5Ggxzc9voAQgWnQf/TEBiJR8v+kpIcH2iAVuPRvrb/d//PBik +tI3bHzllrmuf5CsI0fGh9/4NPjmlNdV2BgcR1N80pHZqXP4kpnNIwF75IevTmvaz +mkWlumpuA/cs4nPmmMR3PkTFOHfYmYUXn56MivbxTtevYLeKF23sNGSszfzL3amq +0fCn5T9aoldF0Tw+so2t05r0MXN3jPiBlDn5u5oQBNXNXmEoXdO1OdB/Re3oDzwS +0W1fA7vObyzpiXZ1EOnMhfqt3MGJEQfUtDtqrLCJz2kPukn9JdsD9qWkKEYD8p4E +LYhXDRnamCEFhb+gZgrY9AzYzG+sVdseeB1GlsZNoq2j62yXeDVE6Q== +=hthG +-----END PGP SIGNATURE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.0 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.0 b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.0 new file mode 100644 index 0000000..2731638 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.0 @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.crl_url ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.crl_url b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.crl_url new file mode 100644 index 0000000..9f3e51e --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.crl_url @@ -0,0 +1,2 @@ +http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl +http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.info ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.info b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.info new file mode 100644 index 0000000..3d45cbb --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.info @@ -0,0 +1,11 @@ +# +# Information for:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA +# +alias = DigiCertAssuredIDRootCA-Root +ca_url = http://www.DigiCert-Grid.com/DigiCertAssuredIDRootCA_text.txt +crl_url = http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl;http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl +email = [email protected] +status = accredited:classic +url = http://www.digicert-grid.com/ +version = 1.44 +sha1fp.0 = 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43 http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.namespaces ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.namespaces b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.namespaces new file mode 100644 index 0000000..c5a0773 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.namespaces @@ -0,0 +1,13 @@ +############################################################################## +#NAMESPACES-VERSION: 1.0 +# +# @(#)69105f4f.namespaces +# CA alias : DigiCertAssuredIDRootCA-Root +# subord_of: +# subjectDN: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA +# hash : 69105f4f +# (generated automatically from 69105f4f.signing_policy) +# +TO Issuer "/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA" \ + PERMIT Subject "/C=US/O=DigiCert Grid/OU=www.digicert.com/CN=DigiCert Grid Trust CA" + http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.signing_policy ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.signing_policy b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.signing_policy new file mode 100644 index 0000000..481b05e --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/69105f4f.signing_policy @@ -0,0 +1,4 @@ +# DigiCert Assured ID Root CA Signing Policy (Public Trust Anchor) +access_id_CA X509 '/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA' +pos_rights globus CA:sign +cond_subjects globus '"/C=US/O=DigiCert Grid/OU=www.digicert.com/CN=DigiCert Grid Trust CA"' http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/7ae34d87.0 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/7ae34d87.0 b/tools/gsissh-cli-tools/src/main/resources/certificates/7ae34d87.0 new file mode 100644 index 0000000..e5feff8 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/7ae34d87.0 @@ -0,0 +1,41 @@ +-----BEGIN CERTIFICATE----- +MIIHPDCCBSSgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgTAklOMRQwEgYDVQQHEwtCbG9vbWluZ3RvbjEbMBkGA1UEChMSSW5k +aWFuYSBVbml2ZXJzaXR5MRQwEgYDVQQLEwtFeHRyZW1lIExhYjENMAsGA1UEAxME +T0dDRTEkMCIGCSqGSIb3DQEJARYVZHJsZWFkQGNzLmluZGlhbmEuZWR1MB4XDTA3 +MTEwNTE4NTk0N1oXDTE3MTEwMjE4NTk0N1owgZgxCzAJBgNVBAYTAlVTMQswCQYD +VQQIEwJJTjEUMBIGA1UEBxMLQmxvb21pbmd0b24xGzAZBgNVBAoTEkluZGlhbmEg +VW5pdmVyc2l0eTEUMBIGA1UECxMLRXh0cmVtZSBMYWIxDTALBgNVBAMTBE9HQ0Ux +JDAiBgkqhkiG9w0BCQEWFWRybGVhZEBjcy5pbmRpYW5hLmVkdTCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAOVnB2jRSujnvmDSy/NhM1E02qCw/xNra2TD +gKw9ePxfAFdGeqekVcW4qog/idWPU15HFF4XNV5XZeFq6yskDDc4MxY304PHqUhw +M826ES/cuVnsPEMLcI08HIOeD+FoO4OWA5uIBI1HPre5c4N5/PprFC0c3jgFb6uy +1PBOVWex7FGSXGsnDt8AswnTbMhHYLz+G+CP+Xs52tCkG9Xduv5BxH85Fc3lhVRK +X3pajPyM4xWTzT1pcNmV8AjeMgjO5blp3HTD2A0q8WiN7Bu17vYgilKptiy4TPcw +MKqDkzFkWm9T85ReNCqxFl24wrd02XJ7QjPjPMjjp7io4CX1zStFS9U1azHZj7tk +cKeIxFV+RkURyDVhF3hAyXxzSR8OyBRYn6cIGJVsgJm2oqgVdqZ3VybGB/uvXVNc +sG5L6zbKlRBYz9N7Pucd+K2dG28nf7MPn2paFtHeJczdmRg+cOEx5hS6IRw0htWT +YbhGLlYnZGhX3zYGzk8b+6CZ6/ypQ12cJ+ZOsW1cYn8z1wcInd1FF34rL9RXuRAw +BSdYnmBszMB0XuIeIUM0i5bhWirWTJu1deBkKnHn4uPiTw9D5W64Rh3ROrIOm8Z0 +Tzhm/9xseIqKJLjnwbsW7+EGzSv9AfVyajWl0e7psxEqbhWJDoVgHwA4rw5DJZVs +5yWB078hAgMBAAGjggGNMIIBiTAdBgNVHQ4EFgQU+t27NMntf70uULM+gMlUjx06 +JYEwgcUGA1UdIwSBvTCBuoAU+t27NMntf70uULM+gMlUjx06JYGhgZ6kgZswgZgx +CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTjEUMBIGA1UEBxMLQmxvb21pbmd0b24x +GzAZBgNVBAoTEkluZGlhbmEgVW5pdmVyc2l0eTEUMBIGA1UECxMLRXh0cmVtZSBM +YWIxDTALBgNVBAMTBE9HQ0UxJDAiBgkqhkiG9w0BCQEWFWRybGVhZEBjcy5pbmRp +YW5hLmVkdYIBADAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjARBglghkgB +hvhCAQEEBAMCAQYwIAYDVR0RBBkwF4EVZHJsZWFkQGNzLmluZGlhbmEuZWR1MCAG +A1UdEgQZMBeBFWRybGVhZEBjcy5pbmRpYW5hLmVkdTArBglghkgBhvhCAQ0EHhYc +VGlueUNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQQFAAOCAgEA +3/3bvyJ07hEHr1tBlmpScNLhbN2Ks9IpsfcvsexLabNjcY0BXC4rCLRdA4dL15HP +K6yNpLhB6xAFghmBrbyboWmOj3w28rf5E3W4/ff5eOrX6TIHny6sW3DJdKDI+yxN +h9UpZzh6/aX5UEYgt/plyiRvQnb2h9EZj6raZ9YCYEkc1UJr7x+9keQREhAts9gT +0jSO+XvpCtr+6QZSwiyR7FUlT/RfmrxD9UMTJmMfZudzXxVWKIE3fQk+DjRvwc6U +A4aXWoZOs4K+xsP8EP8nPsPmVcywmRWcmlostepbvaj1zdW1fYQefl3BOiSTtcd/ +Xn26sPvhaT3Eukm1NsaFGkkIF8HjnaZ7hHpuJq71Oj8pYzgBBM9peszjcpYWfnh/ +q4cx0RnEIV8VTgcfwOoG8h4ZjY76VlkWK4FHAoF4dZqKx+oHu+DMQ1x0sGC8g07g +uw801E4JqytNgvx5XAze+yCK6FvD4LY36L87cQlx8XIgbzakOEg8qm9jjkCukhVp +2z5TCkOjjYzbRVYkj3g5T+0b3t8JE5N4VJNGoDidBTewzEN3Iwc7RlmYbGaO+Ov8 +pp52cOYpfefnPgj3wOiJ1hyaRatgRg4PtuVSr6poX+EgPrwmxmEQfrMqSeNojjCT +MKrx1hSf+2SlducRUXrGNDzJIphjAT+42mPifAd2AaQ= +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/826e2611.0 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/826e2611.0 b/tools/gsissh-cli-tools/src/main/resources/certificates/826e2611.0 new file mode 100644 index 0000000..abdadbb --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/826e2611.0 @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnzCCAgigAwIBAgIBADANBgkqhkiG9w0BAQQFADByMRUwEwYDVQQKEwxPR0NF +IEdhdGV3YXkxGzAZBgNVBAsTEkluZGlhbmEgVW5pdmVyc2l0eTEjMCEGA1UECxMa +b2djZXBvcnRhbC5pdS50ZXJhZ3JpZC5vcmcxFzAVBgNVBAMTDk9HQ0UgUG9ydGFs +IENBMB4XDTEwMDMxNjA2MDkyOVoXDTE1MDMxNTA2MDkyOVowcjEVMBMGA1UEChMM +T0dDRSBHYXRld2F5MRswGQYDVQQLExJJbmRpYW5hIFVuaXZlcnNpdHkxIzAhBgNV +BAsTGm9nY2Vwb3J0YWwuaXUudGVyYWdyaWQub3JnMRcwFQYDVQQDEw5PR0NFIFBv +cnRhbCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3jcH6UdRa83mHspE +fzUG82te182vmYcXrPjmsbItkZuF92zKAq8fvkX6nkLZ25Ud2RxS7KZg6PzmDyFZ +1zmYrrIkLceTOs/cO4kwIgYa7jrU6Zy6yFWoBF7m/AjY39e/QRYYMmHeAltpVjMh +M3GbffHwr3GwlDabw0Jsy0uPNbUCAwEAAaNFMEMwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUyDvpRbheLFkQBIvl4dcBd/V9rGswEQYJYIZIAYb4QgEBBAQDAgAH +MA0GCSqGSIb3DQEBBAUAA4GBAFNtHtI16EAkNBEjxKh6XEaYYLD7LBIWJXcCPAEp +w0gpb9rKIxsT+QIFwe6Xy0Q1NvK/6N5ExqYXI7ywrjoa4QKzn/6l/Cs1/1coj+7W +lDgTuBa1Cuy3h1TEfwdQqaqAs3ww1nkxy6E6vEpOsW6glhNt2t9siab8CMof02PE +30w3 +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.0 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.0 b/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.0 new file mode 100644 index 0000000..0db2d50 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.0 @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIIfK7xzu2VnMcwDQYJKoZIhvcNAQEFBQAwTjERMA8GA1UE +AxMIUHVyZHVlQ0ExGjAYBgNVBAoTEVB1cmR1ZSBVbml2ZXJzaXR5MRAwDgYDVQQI +EwdJbmRpYW5hMQswCQYDVQQGEwJVUzAeFw0wNDA4MjcxOTU0MjVaFw0xNDA4MjUy +MDA0MjVaME4xETAPBgNVBAMTCFB1cmR1ZUNBMRowGAYDVQQKExFQdXJkdWUgVW5p +dmVyc2l0eTEQMA4GA1UECBMHSW5kaWFuYTELMAkGA1UEBhMCVVMwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtmI9d0ae83l6Xj3xXSUd1bf/NofrEs7HP +m/F2sNZ8YU4Fc0gXtqsOK0dbH6cJ4QK4S7TM3/TPYgAToSikJP7cY5UtYy5yI/QR +Kq7qTQhWGewZ+LJns2uV0u7aqdS2QWZavF60BJTdus2qAHJ6LBw6CSnodCi8I1iM +WEdovuD63SDKpumhSaSeWjf1p+TJ2zkLc7nHNUk6Qj9+etqhm2dD6W5zW3HqMp5L +GQuBWq3BYn3UHEq4MtLShxM6dgZFsNW3494fAB44ksjuEBD5gknPvCW73AflQqvf +VGVKhRsiiRYITCvNSts/vNtxEJq06mcBjgKhzOV4tPctowp7973pAgMBAAGjgYMw +gYAwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDB4YAMB0GA1UdDgQWBBTs +KyexatgCqLr4zNFtwqf1kmFtmDAfBgNVHSMEGDAWgBTsKyexatgCqLr4zNFtwqf1 +kmFtmDAcBgNVHSAEFTATMBEGDysGAQQBolgECQQBAQECATANBgkqhkiG9w0BAQUF +AAOCAQEAQJqxok2NXXhOYmZKU5RNZloj5HWctzyxh9e0izyCQd6FHq2A17o6nQ2w +wNGiWLJ9wLSX7KhlMb5R1b2gpFyF16lPFZVbzIlzebq91GM2LXA91vHkKE+xHqMG +U7IIGg50VQcun6NvF1R+mMDEixRU34k8TW7csTqJGwSw8wx1vgenp2hmJ+cHGS05 +gDDgDAL3UqpD266fzDSlqy0IDwWDuBt0b3f66F6W1KCzEb5PTl/q63cIyzDpp7u4 +WNr7ZtQb5X5a3Luw0+BzGRt+ykFTvJx4oCqYSjAjB/lrA8uYmdxHZ8141qswd8Rs +HXUNDV05AFpnifbWg0MTKkaW3GZ2rw== +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.crl_url ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.crl_url b/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.crl_url new file mode 100644 index 0000000..ea13475 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.crl_url @@ -0,0 +1 @@ +http://tg-ca.purdue.teragrid.org:8080/95009ddc.r0 http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.signing_policy ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.signing_policy b/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.signing_policy new file mode 100644 index 0000000..231b339 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/95009ddc.signing_policy @@ -0,0 +1,3 @@ +access_id_CA X509 '/CN=PurdueCA/O=Purdue University/ST=Indiana/C=US' +pos_rights globus CA:sign +cond_subjects globus '/CN=Purdue TeraGrid RA/OU=Purdue TeraGrid/O=Purdue University/ST=Indiana/C=US' http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.0 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.0 b/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.0 new file mode 100644 index 0000000..0209f19 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.0 @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDhjCCAm6gAwIBAgIBADANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJVSzEV +MBMGA1UEChMMZVNjaWVuY2VSb290MRIwEAYDVQQLEwlBdXRob3JpdHkxGjAYBgNV +BAMTEVVLIGUtU2NpZW5jZSBSb290MB4XDTA3MTAzMDA5MDAwMFoXDTI3MTAzMDA5 +MDAwMFowVDELMAkGA1UEBhMCVUsxFTATBgNVBAoTDGVTY2llbmNlUm9vdDESMBAG +A1UECxMJQXV0aG9yaXR5MRowGAYDVQQDExFVSyBlLVNjaWVuY2UgUm9vdDCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3ORtmmUHotwDTfAH5/eIlo3+BK +oElDeaeN5Sg2lhPu0laPch7pHKSzlqyHmZGsk3fZb8hBmO0lD49+dKnA31zLU6ko +Bje1THqdrGZPcjTm0lhc/SjzsBtWm4oC/bpYBACliB9wa3eSuU4Rqq71n7+4J+WO +KvaDHvaTdRYE3pyie2Xe5QTI8CXedCMh18+EdFvwlV79dlmNRNY93ZWUu6POL6d+ +LapQkUmasXLjyjNzcoPXgDyGauHOqmyqxuPx4tDTsC25nKr+7K5k3T+lplJ/jMkQ +l/QHgqnABBXQILzzrt0a8nQdM8ONA+bht+8sy4eN/0zMulNj8kAzrutkhJsCAwEA +AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FF74G0imd2spPC4AUzMrY6J7fpPAMB8GA1UdIwQYMBaAFF74G0imd2spPC4AUzMr +Y6J7fpPAMA0GCSqGSIb3DQEBBQUAA4IBAQCT0a0kcE8oVYzjTGrd5ayvOI+vbdiY +MG7/2V2cILKIts7DNdIrEIonlV0Cw96pQShjRRIizSHG5eH1kLJcbK/DpgX6QuPR +WhWR5wDJ4vaz0qTmUpwEpsT9mmyehhHbio/EsYM7LesScJrO2piD2Bf6pFUMR1LC +scAqN7fTXJSg6Mj6tOhpWpPwM9WSwQn8sDTgL0KkrjVOVaeJwlyNyEfUpJuFIgTl +rEnkXqhWQ6ozArDonB4VHlew6eqIGaxWB/yWMNvY5K+b1j5fdcMelzA45bFucOf1 +Ag+odBgsGZahpFgOqKvBuvSrk/8+ie8I2CVYwT486pPnb5JFgHgUfZo8 +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.crl_url ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.crl_url b/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.crl_url new file mode 100644 index 0000000..4d8d0ed --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.crl_url @@ -0,0 +1 @@ +http://ca.grid-support.ac.uk/pub/crl/root-crl.pem http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.signing_policy ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.signing_policy b/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.signing_policy new file mode 100644 index 0000000..42fd7a3 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/98ef0ee5.signing_policy @@ -0,0 +1,4 @@ +# @(#)$Id: 98ef0ee5.signing_policy,v 1.2 2011/06/26 08:41:27 pmacvsdg Exp $ + access_id_CA X509 '/C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root' + pos_rights globus CA:sign + cond_subjects globus '"/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA" "/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2A" "/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA 2B"' http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.0 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.0 b/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.0 new file mode 100644 index 0000000..3f95f09 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.0 @@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, O=Pittsburgh Supercomputing Center, CN=PSC Root CA + Validity + Not Before: Aug 17 16:46:13 2006 GMT + Not After : Mar 17 05:00:00 2016 GMT + Subject: C=US, O=Pittsburgh Supercomputing Center, CN=PSC Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:d0:d7:21:a6:fd:53:92:ad:4d:86:95:5b:c3:21: + 02:b1:8e:67:22:c5:04:cd:8a:b8:03:66:20:76:12: + 70:77:8e:78:a6:79:04:e3:cb:2b:ed:cb:6a:16:5d: + fe:24:4c:c3:19:8a:ad:9b:be:ce:7a:26:65:3f:04: + db:3d:81:cc:92:91:ae:0a:9c:b1:a5:72:c3:45:0a: + 0b:01:01:af:2f:50:f8:6d:ef:c7:1a:8d:8c:c6:39: + 71:c5:dd:41:9f:f8:56:06:17:d0:14:b4:64:51:ab: + 00:b9:c0:6d:d0:3a:42:1c:4f:3e:1d:fa:f5:77:41: + bc:7e:02:20:62:e4:6d:33:02:73:17:f8:31:e0:47: + f7:8b:fe:20:4e:38:ca:b8:ff:eb:2f:68:e3:17:cb: + 7b:ca:41:f6:e5:a9:9d:b5:4c:37:09:f3:fc:58:2e: + a8:ef:43:5a:78:af:c3:05:56:32:00:55:80:fc:6c: + 8c:15:bb:b6:25:f6:6d:e3:21:05:4b:ad:53:15:7f: + 5b:39:c8:f2:f6:b5:b3:13:36:dc:15:fd:57:39:74: + 4b:9c:bd:8e:04:23:7c:34:4e:2e:3a:de:32:c7:45: + dd:e6:37:de:52:3a:2c:b3:58:71:cc:3e:3a:e0:0c: + 3e:0b:59:a0:03:d1:b4:35:8c:ac:8e:51:56:40:5c: + 21:57 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 08:4A:92:96:A5:B0:0B:1D:9F:D9:2F:E9:52:7D:19:97:CF:80:6A:41 + X509v3 Authority Key Identifier: + keyid:08:4A:92:96:A5:B0:0B:1D:9F:D9:2F:E9:52:7D:19:97:CF:80:6A:41 + DirName:/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA + serial:01 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: sha1WithRSAEncryption + 8f:fd:1a:5a:43:e7:da:52:06:07:e6:dd:c9:92:b3:ca:b8:58: + 70:75:1a:4a:89:b3:15:c2:0d:f2:40:50:31:32:d6:aa:04:0e: + 7f:62:59:a2:2b:96:3e:bd:4d:ec:2f:f5:3e:cc:0b:14:39:b5: + e0:fc:cd:7d:c7:24:b4:bc:ec:21:20:41:be:25:f3:91:ed:57: + ac:8c:62:6e:32:a5:5b:c8:e1:43:46:76:e0:e2:16:a1:32:a9: + c4:17:25:5a:9e:2c:9a:af:83:0c:4b:28:6a:72:a3:29:dc:b3: + 91:c4:b4:f3:ea:3a:99:7c:64:e7:a3:a4:db:f1:47:2f:f0:68: + b5:4b:09:6b:27:e3:95:22:d8:05:d6:89:08:f5:7e:56:2c:b6: + ab:79:62:0d:76:56:74:0d:c8:c2:25:fe:5e:7e:de:45:35:92: + 54:55:5d:eb:a3:37:80:85:87:12:c6:bd:de:23:6a:58:3b:0e: + 36:69:02:85:2a:cf:ee:f1:5c:be:b4:95:84:e3:3b:a5:58:f9: + 47:ac:de:2a:10:60:16:ac:4f:dc:2e:8c:73:51:88:4a:5d:8c: + 9e:36:84:9f:ea:92:14:32:0d:9a:96:d7:34:8a:d2:fd:61:e5: + a8:28:62:c4:b5:ba:22:9c:11:37:0a:08:dc:5e:a0:d0:82:67: + 33:fd:ec:a8 +-----BEGIN CERTIFICATE----- +MIID0zCCArugAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEp +MCcGA1UEChMgUGl0dHNidXJnaCBTdXBlcmNvbXB1dGluZyBDZW50ZXIxFDASBgNV +BAMTC1BTQyBSb290IENBMB4XDTA2MDgxNzE2NDYxM1oXDTE2MDMxNzA1MDAwMFow +TjELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIFBpdHRzYnVyZ2ggU3VwZXJjb21wdXRp +bmcgQ2VudGVyMRQwEgYDVQQDEwtQU0MgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANDXIab9U5KtTYaVW8MhArGOZyLFBM2KuANmIHYScHeO +eKZ5BOPLK+3LahZd/iRMwxmKrZu+znomZT8E2z2BzJKRrgqcsaVyw0UKCwEBry9Q ++G3vxxqNjMY5ccXdQZ/4VgYX0BS0ZFGrALnAbdA6QhxPPh369XdBvH4CIGLkbTMC +cxf4MeBH94v+IE44yrj/6y9o4xfLe8pB9uWpnbVMNwnz/FguqO9DWnivwwVWMgBV +gPxsjBW7tiX2beMhBUutUxV/WznI8va1sxM23BX9Vzl0S5y9jgQjfDROLjreMsdF +3eY33lI6LLNYccw+OuAMPgtZoAPRtDWMrI5RVkBcIVcCAwEAAaOBuzCBuDAdBgNV +HQ4EFgQUCEqSlqWwCx2f2S/pUn0Zl8+AakEwdgYDVR0jBG8wbYAUCEqSlqWwCx2f +2S/pUn0Zl8+AakGhUqRQME4xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBQaXR0c2J1 +cmdoIFN1cGVyY29tcHV0aW5nIENlbnRlcjEUMBIGA1UEAxMLUFNDIFJvb3QgQ0GC +AQEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEF +BQADggEBAI/9GlpD59pSBgfm3cmSs8q4WHB1GkqJsxXCDfJAUDEy1qoEDn9iWaIr +lj69Tewv9T7MCxQ5teD8zX3HJLS87CEgQb4l85HtV6yMYm4ypVvI4UNGduDiFqEy +qcQXJVqeLJqvgwxLKGpyoyncs5HEtPPqOpl8ZOejpNvxRy/waLVLCWsn45Ui2AXW +iQj1flYstqt5Yg12VnQNyMIl/l5+3kU1klRVXeujN4CFhxLGvd4jalg7DjZpAoUq +z+7xXL60lYTjO6VY+Ues3ioQYBasT9wujHNRiEpdjJ42hJ/qkhQyDZqW1zSK0v1h +5agoYsS1uiKcETcKCNxeoNCCZzP97Kg= +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.crl_url ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.crl_url b/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.crl_url new file mode 100644 index 0000000..7b35afc --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.crl_url @@ -0,0 +1 @@ +http://www.psc.edu/ca/crl/9b88e95b.r0 http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.psc-root.cadesc ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.psc-root.cadesc b/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.psc-root.cadesc new file mode 100644 index 0000000..c62d15d --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.psc-root.cadesc @@ -0,0 +1,15 @@ +CA_NAME PSC Root Certificate Authority +HOMEPAGE http://www.psc.edu/ca/ +CONTACT [email protected] +HASH 9b88e95b +# SIGNED_BY self +SUBJECT /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA +MAY_SIGN /C=US/O=Pittsburgh Supercomputing Center/* +CERTIFICATE_MD5 A4:DC:F4:AB:62:B1:6B:8C:90:78:03:94:A6:8E:B9:5A +CERTIFICATE_SHA1 76:14:59:94:16:2B:E2:05:C9:16:3F:85:8E:7C:70:EE:B9:DD:84:50 +CERTIFICATE_URL http://www.psc.edu/ca/cert/9b88e95b.0 +SIGNING_POLICY_URL http://www.psc.edu/ca/cert/9b88e95b.signing_policy +CRL_URL http://www.psc.edu/ca/crl/9b88e95b.r0 +# CERT_BEGINS Thu 2006-08-17 16:46:13 UTC +CERT_EXPIRES Thu 2016-03-17 05:00:00 UTC + http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.signing_policy ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.signing_policy b/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.signing_policy new file mode 100644 index 0000000..003cafe --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9b88e95b.signing_policy @@ -0,0 +1,3 @@ + access_id_CA X509 '/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA' + pos_rights globus CA:sign + cond_subjects globus '"/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Web Services CA"' http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.0 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.0 b/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.0 new file mode 100644 index 0000000..6f3a823 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.0 @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzjCCAragAwIBAgIBADANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJVUzE4 +MDYGA1UEChMvTmF0aW9uYWwgQ2VudGVyIGZvciBTdXBlcmNvbXB1dGluZyBBcHBs +aWNhdGlvbnMxIDAeBgNVBAsTF0NlcnRpZmljYXRlIEF1dGhvcml0aWVzMQ0wCwYD +VQQDEwRDQUNMMB4XDTA3MDQyNDE5MjMxOFoXDTI3MDQyNDE5MjMxOFoweDELMAkG +A1UEBhMCVVMxODA2BgNVBAoTL05hdGlvbmFsIENlbnRlciBmb3IgU3VwZXJjb21w +dXRpbmcgQXBwbGljYXRpb25zMSAwHgYDVQQLExdDZXJ0aWZpY2F0ZSBBdXRob3Jp +dGllczENMAsGA1UEAxMEQ0FDTDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMphpcSwjIJX1bIAo2TIvsi7o10LNneEqnT0MtpoXBWsXu0eS7ax3yZMO46q +RPxLgm6BVa7CIwzQ/CuNOP8RjrZdts9VTejwV/CujVQ63B5UZUbIbV9MPG2MRt2b +4rm3fnjKJQ2jK8AFybZ0JqtK1xVFqkTla6mAvp/C1Z7XBWnZrGtoOttNU2EdKQlv +BcTxrtgQklNHmH8TSnhpc3PG0MKeMyG06Hu+4HMPPKamJtwXh4Dq0rtIYDVvHdCw +Ymnag9XAaMMI9Gl9vSpGzsHz2uJJ0qc0TeatgBNVgFOf6qvO40ByKLIZ7rsR4lkM +pQmIiCYfRbjEME1yPPwKI28o66ECAwEAAaNjMGEwHQYDVR0OBBYEFLFflv/hqTeo +cXgjPOFT7eiZuxm3MB8GA1UdIwQYMBaAFLFflv/hqTeocXgjPOFT7eiZuxm3MA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB +AQDCA9SOVNKMhlEJQcMTkgj7fZvUGqcb/ST50IAaaq+5AAEocUdyC9QPuXYzFilf +aCdEvk3uSjdFdIHPjAr6eu/zOtXanhNFGPPsJX+9WOMNP8qcirVYex3VSSclqiCA ++PjbdC4AecfgrEnUOQFEJ7xexa7l7OOvwUfbVPp0B9R6DqCZAVShgLdu1Ce5JUZL +A26lVMmukVUWUZkuyzDTuBQwCssw0+oab4fyuTnBmRTRGAp/Fgdne9wWDMEqrhak +vFiAa0lMYGI2U+qYVrKUzAR+Do8LWKawkko7bHRWj/yibbctkGzMGrq6ZQcHokZi +yZEU14uKctMk7IJGnn0Lm6DQ +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.crl_url ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.crl_url b/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.crl_url new file mode 100644 index 0000000..982dc9a --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.crl_url @@ -0,0 +1 @@ +http://ca.ncsa.uiuc.edu/9b95bbf2.r0 http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.signing_policy ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.signing_policy b/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.signing_policy new file mode 100644 index 0000000..c1bc499 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9b95bbf2.signing_policy @@ -0,0 +1,3 @@ +access_id_CA X509 '/C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=CACL' +pos_rights globus CA:sign +cond_subjects globus '"/C=US/O=National Center for Supercomputing Applications/OU=Services/CN=*" "/C=US/O=National Center for Supercomputing Applications/OU=People/CN=*"' http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.0 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.0 b/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.0 new file mode 100644 index 0000000..172e501 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.0 @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFlDCCBHygAwIBAgIBADANBgkqhkiG9w0BAQUFADBDMRIwEAYKCZImiZPyLGQB +GRYCZXMxGDAWBgoJkiaJk/IsZAEZFghpcmlzZ3JpZDETMBEGA1UEAxMKSVJJU0dy +aWRDQTAeFw0wNTA2MjgwNTAyMjhaFw0xNTA2MjYwNTAyMjhaMEMxEjAQBgoJkiaJ +k/IsZAEZFgJlczEYMBYGCgmSJomT8ixkARkWCGlyaXNncmlkMRMwEQYDVQQDEwpJ +UklTR3JpZENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CQiWlff +ajoMSTuismKqLQ+Mt33Tq4bBpCZvCBXhqan1R0ksILPtK1L7C8QWqPk6AZZpuNmY +cNVtJGc8ksgDWvX0EB3GKwZTZ8RrSRlSEe9Otq+Ur7S9uxM1JMmCr6zZTMFANzBS +4btnduV78C09IhFYG4OW8IPhNrbfPaeOR+PRPAa/qdSONAwTrM1sZkIvGpAkBWM6 +Pn7TK9BAK6GLvwgii780fWj3Cwgmp8EDCTievBbWj+z8/apMEy9R0vyB2dWNNCnk +6q8VvrjgMsJt33O3BqOoBuZ8R/SS9OFWLFSU3s7cfrRaUSJk/Mx8OGFizRkcXSzX +0Nidcg7hX5i78wIDAQABo4ICkTCCAo0wDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E +FgQUnUJkLlupXvH/bMg8NtPxtkOYrRowawYDVR0jBGQwYoAUnUJkLlupXvH/bMg8 +NtPxtkOYrRqhR6RFMEMxEjAQBgoJkiaJk/IsZAEZFgJlczEYMBYGCgmSJomT8ixk +ARkWCGlyaXNncmlkMRMwEQYDVQQDEwpJUklTR3JpZENBggEAMA4GA1UdDwEB/wQE +AwIBxjARBglghkgBhvhCAQEEBAMCAAcwOwYJYIZIAYb4QgENBC4WLElSSVNHcmlk +IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IENlcnRpZmljYXRlMIGZBgNVHR8EgZEw +gY4wLqAsoCqGKGh0dHA6Ly93d3cuaXJpc2dyaWQuZXMvcGtpL2NybC9jYWNybC5w +ZW0wXKBaoFiGVmxkYXA6Ly9sZGFwLmlyaXNncmlkLmVzOjEzODAvY249SVJJU0dy +aWRDQSxkYz1pcmlzZ3JpZCxkYz1lcz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0 +MDcGCWCGSAGG+EIBAwQqFihodHRwOi8vd3d3LmlyaXNncmlkLmVzL3BraS9jcmwv +Y2FjcmwucGVtME4GCWCGSAGG+EIBCARBFj9odHRwOi8vd3d3LmlyaXNncmlkLmVz +L3BraS9wb2xpY3kvMS4zLjYuMS40LjEuNzU0Ny4yLjIuNC4xLjEuMS8waQYDVR0g +BGIwYDBeBg0rBgEEAbp7AgIEAQEBME0wSwYIKwYBBQUHAgEWP2h0dHA6Ly93d3cu +aXJpc2dyaWQuZXMvcGtpL3BvbGljeS8xLjMuNi4xLjQuMS43NTQ3LjIuMi40LjEu +MS4xLzANBgkqhkiG9w0BAQUFAAOCAQEAaqRfyLER+P2QOZLLdz66m7FGsgtFsAEx +wiNrIChFWfyHVZG7Ph1fn/GDD5LMsrU23lx3NBN5/feHuut1XNYKNs8vtV07D70r +DKjUlPbmWV0B+/GDxe1FDGop/tKQfyHSUaBuauXChFU/2INu5lhBerNl7QxNJ1ws +cWGiT7R+L/2EjgzWgH1V/0zmIOMep6kY7MUs8rlyF0O5MNFs232cA1trl9kvhAGU +9p58Enf5DWMrh17SPH586yIJeiWZtPez9G54ftY+XIqfn0X0zso0dnoXNJQYS043 +/5vSnoHdRx/EmN8yjeEavZtC48moN0iJ38eB44uKgCD77rZW5s1XqA== +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.crl_url ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.crl_url b/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.crl_url new file mode 100644 index 0000000..c0482ca --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.crl_url @@ -0,0 +1 @@ +http://www.irisgrid.es/pki/crl/cacrl.pem http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.signing_policy ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.signing_policy b/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.signing_policy new file mode 100644 index 0000000..b18ade0 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/9dd23746.signing_policy @@ -0,0 +1,5 @@ +# @(#)$Id: 9dd23746.signing_policy,v 1.2 2006/03/02 11:40:46 pmacvsdg Exp $ +# + access_id_CA X509 '/DC=es/DC=irisgrid/CN=IRISGridCA' + pos_rights globus CA:sign + cond_subjects globus '"/DC=es/DC=irisgrid/*"' http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/CHECKSUM.MD5 ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/CHECKSUM.MD5 b/tools/gsissh-cli-tools/src/main/resources/certificates/CHECKSUM.MD5 new file mode 100644 index 0000000..eb7dde1 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/CHECKSUM.MD5 @@ -0,0 +1,86 @@ +MD5 (16da7552.0) = 80185f9098632a28f967396c76104f1a +MD5 (16da7552.crl_url) = 134e5f1d879b373c99a61af9ce4684ae +MD5 (16da7552.signing_policy) = c614c9de953678c8f2272aa47a6ee66d +MD5 (1c3f2ca8.0) = 2accd5643b1809ffc8f7dd0c064e1218 +MD5 (1c3f2ca8.crl_url) = 40220f1f3f1e4e6f4acef77b2a35a803 +MD5 (1c3f2ca8.signing_policy) = fb2b2f10d7eea2fca0efca6f40c6a129 +MD5 (2ac09305.0) = eb54581304689b1e8f2d898f9e669daf +MD5 (2ac09305.crl_url) = c360668b7263f685e9ebd0c75c323b79 +MD5 (2ac09305.signing_policy) = abf379fb78f764f0c9b6058d745ce629 +MD5 (2f3fadf6.0) = 0e0da9c5fa8df71827d7ea2fbae7ae35 +MD5 (2f3fadf6.crl_url) = 0414dac4d49661e3f7940b27793b0da9 +MD5 (2f3fadf6.signing_policy) = ef7dc0a1f15d0511664e6347f232ee7e +MD5 (367b75c3.0) = c8cedaafe93f8989d1b2af140317b280 +MD5 (367b75c3.crl_url) = 3396a6e2ea4e55558432f8007c9aa328 +MD5 (367b75c3.signing_policy) = 34e8e653664c92325a66dbd5adcf5aec +MD5 (3deda549.0) = 23d0c49d887adb1a417d7f0aebd8e635 +MD5 (3deda549.crl_url) = 9ac428895d613f06051c161fe0719bd3 +MD5 (3deda549.signing_policy) = a581b7a8f407e96d6859c7db24b5da1c +MD5 (4b2783ac.0) = 1f4c0ec558e7e45bedbeb280ccad11c4 +MD5 (4b2783ac.crl_url) = 6a188c52ed8fa0b63fc05894c4f30482 +MD5 (4b2783ac.info) = 0de01e56504f9f99db33a225a913786a +MD5 (4b2783ac.namespaces) = 6f4cceee169fae1b57ab9c14efab1bde +MD5 (4b2783ac.psc-myproxy.cadesc) = b34e5e0bb060a2845caa478bbdf8bb25 +MD5 (4b2783ac.signing_policy) = 9280581f4a4707efe246714410058fc7 +MD5 (67e8acfa.0) = 1ab683dae9d042f1b994afcb622dda78 +MD5 (67e8acfa.crl_url) = 66277375361a84e31b9880357ff9f1f0 +MD5 (67e8acfa.signing_policy) = fe9300ed6017595137a1c5aa4c6deb76 +MD5 (684261aa.0) = fb5863d767fbdd506190dfe44f8fcee3 +MD5 (684261aa.crl_url) = 4c6e71dedc2cc040e72c91902a5dd3cc +MD5 (684261aa.signing_policy) = 941d3043540920930a9a8c110c329a31 +MD5 (684261aa.tacc.cadesc) = 3dca055e41f916b2b3971531eff06942 +MD5 (684261aa.tacc.cadesc.sig) = 71306b02067a1a1f1dc46f950a4ecf43 +MD5 (95009ddc.0) = 1f88df6c8e4974576e675578603f8d29 +MD5 (95009ddc.crl_url) = b0f2d69577ddc9da4badcfd75f2f7a7e +MD5 (95009ddc.signing_policy) = d2b2a3a710276d4dc7e7ff4436079d88 +MD5 (98ef0ee5.0) = a5ddc328fbed793848a45fc83ed645bf +MD5 (98ef0ee5.crl_url) = 25c41bf4c118225cea36b4807f5a30a0 +MD5 (98ef0ee5.signing_policy) = eabe775d6f2ae955fe21fd7d0ec8ea69 +MD5 (9a1da9f9.0) = fa9b554add1f878bef5c699661cee1a9 +MD5 (9a1da9f9.crl_url) = 8d12782b0e63fd50f1b8b03569194eea +MD5 (9a1da9f9.signing_policy) = 57e9ee2a91d5ea8d06d0426f02fd5d28 +MD5 (9b88e95b.0) = b49a9bfefd1e302fe6f15186f73c9bcd +MD5 (9b88e95b.crl_url) = 2414c04f8bfaec7a96f864b6284d93e1 +MD5 (9b88e95b.psc-root.cadesc) = b43192cdce2ccbefbc6f02f3f6ee54a7 +MD5 (9b88e95b.signing_policy) = 1601c1e4396ab8de4c558c2387629eef +MD5 (9b95bbf2.0) = 54946dfe70cc379ff5eee0a433450e37 +MD5 (9b95bbf2.crl_url) = 957e4f28f63dd1ccd93fba76ca59a95a +MD5 (9b95bbf2.signing_policy) = 65d65773fd6699ec6a1172ff0d10bf48 +MD5 (9dd23746.0) = 6fd3a51227e2b0fe80739c6c6aca5eb0 +MD5 (9dd23746.crl_url) = e76c6f458047cad083d90df00da5419d +MD5 (9dd23746.signing_policy) = 3e94400933e5b8eb55a920107212ccf6 +MD5 (DOEGrids_provenance) = 13f9b3249f02c95f5a510d2a1c7e1717 +MD5 (INFN_provenance) = 0e1d1b120ac1983794378197f369d953 +MD5 (NCSA_CACL_provenance) = b67c7c170cb6bf727f737fc1a2d37d1c +MD5 (NCSA_GridShib_provenance) = 939ab69f8a33dfe3858bcea3df2c476d +MD5 (NCSA_MyProxy_provenance) = 4a0b76cd9e26c4d147168c73bab08f7b +MD5 (PSC_provenance) = 5e55d256db97b122409c0c14a6a7fcfc +MD5 (README) = 09a74eeda8ed82dc89ae69398937daba +MD5 (TACC_MICS_provenance) = 3d5e1786dbd058d379130200f89f718b +MD5 (TACC_provenance) = fcef4397560a21d43df1f1c177c4cb24 +MD5 (UKeScience_provenance) = 329fe217b2e124014a4a58e708f1b44c +MD5 (acc06fda.0) = 35eb67ca83ea61561759d50bbf724417 +MD5 (acc06fda.crl_url) = 052108cc53dff4f26ba6e3f24b9b50f0 +MD5 (acc06fda.psc-host.cadesc) = b5a8497273a0986ab525868d9bd92304 +MD5 (acc06fda.signing_policy) = ae1fbbb080d06943fec69a2f1b6ad861 +MD5 (b89793e4.0) = 15a8e12656710375be7d236ef0f7ae7a +MD5 (b89793e4.crl_url) = be78e2beabab69a744501b4ad9b14000 +MD5 (b89793e4.signing_policy) = 5097b54753167fbb1e70884666220717 +MD5 (d1b603c3.0) = dfc3d126d0287fa1b0966dd771c2c71c +MD5 (d1b603c3.crl_url) = e273ca8a7262f45e0be63d86f75477fe +MD5 (d1b603c3.signing_policy) = f4806c5a15bc3a281dce015603809548 +MD5 (e5cc84c2.0) = 5ed0369d2cd8e799e2a6fd982d3729b5 +MD5 (e5cc84c2.crl_url) = e635f6691983f7516c4dbfc53aaef458 +MD5 (e5cc84c2.signing_policy) = 1b070adf710f6b1ae242f3718221cbc6 +MD5 (e5cc84c2.tacc.cadesc) = 493c81fe137cab8016833ec86d8bf332 +MD5 (e5cc84c2.tacc.cadesc.sig) = 78de54a252c9a2b1b4faa86428dd9f69 +MD5 (e8ac4b61.0) = cca6efa3fb9e3cb07dd9d74b7c303f2b +MD5 (e8ac4b61.crl_url) = 308ce01572934efa595707bdb4f38761 +MD5 (e8ac4b61.signing_policy) = 378df95ca3ebd9271064dcbf5368368d +MD5 (f2e89fe3.0) = 72a5df89ec5931261be1104cacca5c8b +MD5 (f2e89fe3.crl_url) = f5c7555d3d77b1666b8b4d808e15449c +MD5 (f2e89fe3.signing_policy) = 9af1c7030196313b87ad6af0808cb77a +MD5(b93d6240.0)= 68487cdb18d24140af0fa40f4fb17ed4 +MD5(b93d6240.crl_url)= 315dc8870cfd254b542cea553ff7a7a7 +MD5(b93d6240.info)= 45ff6d4b0fe063142a95ff4dcadb78c2 +MD5(b93d6240.signing_policy)= b5c09e3aab41302c012aabfecd7bb5f1 http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/DOEGrids_provenance ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/DOEGrids_provenance b/tools/gsissh-cli-tools/src/main/resources/certificates/DOEGrids_provenance new file mode 100644 index 0000000..035050a --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/DOEGrids_provenance @@ -0,0 +1,100 @@ +[ removed DOE Grids CA certs 12d0dac8.* 1c3f2ca8.* 2013-01-28 dsimmel ] + +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +[ Replacement DOE Grids CRL URL, May 2009 (mccreary) ] + +Retrieved from +<https://pki1.doegrids.org/Other/> + DOEGrids.tar + DOEGrids.tar.asc + +on 01May09. Web server presented certificate w/ subject: + + CN = pki1.doegrids.org + OU = hosts +Serial Num = 42:25 + +from authority: + + CN = DOEGrids CA 1 + O = DOEGrids CA 1 + OU = Certificate Authorities + +Valid from 07May07 until 07May2012 + +Fingerprints: + SHA1 4B:A2:9C:B8:86:8A:87:DD:4A:25:D8:6B:D4:6B:15:11:AB:1D:45:8C + MD5 95:53:C1:1C:45:A9:61:36:96:5B:74:60:F1:01:6A:08 + +Verified untrusted GPG signature: +dubfwe:~/repo/security/new mccreary$ gpg --verify DOEGrids.tar{.asc,} +gpg: Signature made Fri Mar 27 13:05:00 2009 MDT using RSA key ID 9995D24A +gpg: Good signature from "Dhiva <[email protected]>" +gpg: WARNING: This key is not certified with a trusted signature! +gpg: There is no indication that the signature belongs to the owner. +Primary key fingerprint: 209B 63C2 1FC5 35BE 94F7 2C71 5BE6 31C1 9995 D24A + +Updated 1c3f2ca8.crl_url: +dubfwe:~/repo/security/certificates mccreary$ diff 1c3f2ca8.crl_url ../new/doegrids/1c3f2ca8.crl_url +1c1 +< http://pki1.doegrids.org/CRL/1c3f2ca8.r0 +- --- +> http://crl.doegrids.org/1c3f2ca8/1c3f2ca8.r0 + +Verified that other files have no significant differences from current tarball: + 1c3f2ca8.0 + +dubfwe:~/repo/security/certificates mccreary$ openssl x509 -subject -fingerprint -sha1 -noout -in 1c3f2ca8.0 +subject= /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1 +SHA1 Fingerprint=2D:7C:01:FE:A8:40:6A:D0:2E:80:F5:08:E4:D2:EB:A3:A8:84:F8:90 +MD5 Fingerprint=F3:76:00:EC:D0:8E:DB:20:BC:2B:E0:06:60:24:C4:9F + + 1c3f2ca8.signing_policy + +dubfwe:~/repo/security/certificates mccreary$ diff 1c3f2ca8.signing_policy ../new/doegrids/1c3f2ca8.signing_policy +1c1 +< # $Id: 1c3f2ca8.signing_policy,v 1.3 2006/08/23 23:07:04 dhiva Exp $ +- --- +> # $Id: 1c3f2ca8.signing_policy,v 1.1 2009/03/27 18:31:33 dhiva Exp $ +40a41,43 +> # Revision 1.1 2009/03/27 18:31:33 dhiva +> # *** empty log message *** +> # +59c62 +< # $Id: 1c3f2ca8.signing_policy,v 1.3 2006/08/23 23:07:04 dhiva Exp $ Included +- --- +> # $Id: 1c3f2ca8.signing_policy,v 1.1 2009/03/27 18:31:33 dhiva Exp $ Included + + d1b603c3.0 + +dubfwe:~/repo/security/certificates mccreary$ openssl x509 -subject -fingerprint -sha1 -noout -in d1b603c3.0 +subject= /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1 +SHA1 Fingerprint=F2:63:97:A8:B2:D5:1F:94:CC:0F:06:5A:FE:76:5D:F3:CF:28:81:A0 +MD5 Fingerprint=32:AC:21:5D:DE:43:73:E9:3A:EE:90:BC:17:C4:8F:36 + + d1b603c3.crl_url + d1b603c3.signing_policy + +dubfwe:~/repo/security/certificates mccreary$ diff d1b603c3.signing_policy ../new/doegrids/d1b603c3.signing_policy +1c1 +< # $Id: d1b603c3.signing_policy,v 1.5 2006/04/20 20:23:16 helm Exp $ +- --- +> # $Id: d1b603c3.signing_policy,v 1.1 2009/03/27 18:31:33 dhiva Exp $ +34a35,37 +> # Revision 1.1 2009/03/27 18:31:33 dhiva +> # *** empty log message *** +> # +52c55 +< # $Id: d1b603c3.signing_policy,v 1.5 2006/04/20 20:23:16 helm Exp $ included for all these files +- --- +> # $Id: d1b603c3.signing_policy,v 1.1 2009/03/27 18:31:33 dhiva Exp $ included for all these files + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (Darwin) + +iD8DBQFJ+2V9YjEf42hR7yYRApzdAJ9a4xq8oLzGZG+9U3Q0OCrdLm8NiwCfRFvu +BWX1ikzv2jgdMZc+i8MFJgg= +=eVq6 +-----END PGP SIGNATURE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/INFN_provenance ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/INFN_provenance b/tools/gsissh-cli-tools/src/main/resources/certificates/INFN_provenance new file mode 100644 index 0000000..e6a7937 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/INFN_provenance @@ -0,0 +1,60 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +[ Replacement INFN signing policy, May 2008 (mccreary) ] + +Retrieved from +<https://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/> + ca_INFN-CA-2006-1.28.tar.gz + +on 01May09. Web server presented certificate w/ subject: + + CN = dist.eugridpma.info + O = NIKHEF + OU = PDP +Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5 + +from authority: + + CN = Cybertrust Educational CA + O = Cybertrust + OU = Educational CA + +Valid from 21Feb07 until 21Feb2010 + +Fingerprints: + SHA1 7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24 + MD5 5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D + +Updated 2f3fadf6.signing_policy: +dubfwe:~/repo/security/certificates mccreary$ diff 2f3fadf6.signing_policy ../new/ca_INFN-CA-2006-1.28/2f3fadf6.signing_policy +1,3c1,4 +< access_id_CA X509 '/C=IT/O=INFN/CN=INFN CA' +< pos_rights globus CA:sign +< cond_subjects globus '"/C=IT/O=INFN/OU=Personal Certificate/L=*/CN=*"' '"/C=IT/O=INFN/OU=Host/L=*/CN=*"' '"/C=IT/O=INFN/OU=Service/L=*/CN=*"' +- --- +> # @(#)$Id: 2f3fadf6.signing_policy,v 1.1 2006/10/10 10:13:18 pmacvsdg Exp $ +> access_id_CA X509 '/C=IT/O=INFN/CN=INFN CA' +> pos_rights globus CA:sign +> cond_subjects globus '"/C=it/O=INFN/*" "/C=IT/O=INFN/*"' + +Verified other files have no significant differences + 2f3fadf6.0 +openssl x509 -subject -fingerprint -sha1 -noout -in 2f3fadf6.0 +subject= /C=IT/O=INFN/CN=INFN CA +SHA1 Fingerprint=7D:17:44:C4:C9:1F:01:A8:B3:1C:81:E1:FF:8D:D8:91:B4:E1:5C:71 +MD5 Fingerprint=0A:D8:F4:7E:9E:39:6B:85:AE:68:FD:E5:8E:EA:6D:1B + + 2f3fadf6.crl_url +dubfwe:~/repo/security/certificates mccreary$ diff 2f3fadf6.crl_url ../new/ca_INFN-CA-2006-1.28/2f3fadf6.crl_url +1c1 +< http://security.fi.infn.it/CA/INFNCA_crl.pem +- --- +> http://security.fi.infn.it/CA/INFNCA_crl.der +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (Darwin) + +iD8DBQFJ+2l4YjEf42hR7yYRAkFuAKCX3S+Sng6Axxd/t5FQVG17B902qACgkaj3 +Gt5Pv1Gq9NGw/0RbJfT1OnU= +=Fgz2 +-----END PGP SIGNATURE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/IUCerts.tar ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/IUCerts.tar b/tools/gsissh-cli-tools/src/main/resources/certificates/IUCerts.tar new file mode 100644 index 0000000..1ff6f4c Binary files /dev/null and b/tools/gsissh-cli-tools/src/main/resources/certificates/IUCerts.tar differ http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/IUCerts.tar.gz ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/IUCerts.tar.gz b/tools/gsissh-cli-tools/src/main/resources/certificates/IUCerts.tar.gz new file mode 100644 index 0000000..8a558a1 Binary files /dev/null and b/tools/gsissh-cli-tools/src/main/resources/certificates/IUCerts.tar.gz differ http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_CACL_provenance ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_CACL_provenance b/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_CACL_provenance new file mode 100644 index 0000000..ea1d0b9 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_CACL_provenance @@ -0,0 +1,55 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +[ Verify NCSA CACL CA, May 2009 (mccreary) ] + +CACL CA cert obtained from on 13May09 from +<https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.29.tar.gz> +Web server presented certificate w/ subject: + + CN = dist.eugridpma.info + O = NIKHEF + OU = PDP +Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5 + +from authority: + + CN = Cybertrust Educational CA + O = Cybertrust + OU = Educational CA + +Valid from 21Feb07 until 21Feb2010 + +Fingerprints: + SHA1 7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24 + MD5 5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D + +Good PGP signature for this tar file was also obtained from +<https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.29.tar.gz.asc> +Signature made with this key: + +pub 1024D/3CDBBC71 2005-07-12 + Key fingerprint = D12E 9228 22BE 64D5 0146 188B C32D 99C8 3CDB BC71 +uid EUGridPMA Distribution Signing Key 3 <[email protected]> + +Unfortunately this key has no signatures, and is not part of the TG security +working group web of trust. + +Extracted the following files from the tar file: +igtf-policy-installation-bundle-1.29/src/accredited/9b95bbf2.0 +igtf-policy-installation-bundle-1.29/src/accredited/9b95bbf2.crl_url +igtf-policy-installation-bundle-1.29/src/accredited/9b95bbf2.signing_policy + +Verified that these files match the current files in the TG CA tarball. + +openssl x509 -subject -fingerprint -sha1 -noout -in 9b95bbf2.0 +subject= /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=CACL +SHA1 Fingerprint=D3:F1:43:DD:1F:D7:41:4A:19:79:E1:12:B2:11:06:87:B7:79:66:1A +MD5 Fingerprint=98:E7:B5:3F:10:FD:24:E3:EF:B6:4A:54:A6:CE:87:1A +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (Darwin) + +iD8DBQFKCyoPYjEf42hR7yYRArY6AKDe9/HLwAriVUnBcpWPv6+1O1LkRQCfWTeR +KXEC9UTETGCMC/dNnGd45IM= +=lnTK +-----END PGP SIGNATURE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_GridShib_provenance ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_GridShib_provenance b/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_GridShib_provenance new file mode 100644 index 0000000..3b849a4 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_GridShib_provenance @@ -0,0 +1,74 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +[ New GridShib CA, May 2009 (mccreary) ] + +Received via email with S/MIME signature on 13May09. Signed using +certificate w/ subject: + + CN = Jim Basney + O = National Center for Supercomputing Applications + OU = People +Serial Num = 01:04 + +from authority: + + CN = CACL + O = National Center for Supercomputing Applications + OU = Certificate Authorities + +Valid from 23May08 until 24May2009 + +Fingerprints: + SHA1 FC:BF:6C:6E:9E:71:AC:B5:01:4C:FE:FF:57:D8:17:86:E4:07:32:31 + MD5 E3:B8:68:A8:5C:62:00:78:A0:DB:30:48:03:B0:5A:C9 + +Self-signed CACL CA cert in tarball verified on 13May09, see NCSA_CACL_provenance +for details. + +Tar file containing the CA cert and signing policy was also obtained from +<http://www.ncsa.uiuc.edu/~jbasney/ncsa-gridshib-ca-igtf.tar.gz> +Good PGP signature for this tar file was obtained from +<http://www.ncsa.uiuc.edu/~jbasney/ncsa-gridshib-ca-igtf.tar.gz.sig> +Signature made with this key: + +pub 1024D/424ACD8C 2009-01-01 [expires: 2010-01-26] + Key fingerprint = 7396 9433 032F 4DC9 94A4 514A 1155 CA38 424A CD8C +uid Jim Basney <[email protected]> +sub 2048g/A97983D9 2009-01-01 [expires: 2010-01-26] + +Unfortunately this key is not part of the TG security working group web of trust. + +Extracted the following files from the tar file and checked against the +attachments from the email message: + +ncsa-gridshib-ca-igtf/e8ac4b61.0 +ncsa-gridshib-ca-igtf/e8ac4b61.signing_policy + +Cosmetic differences between email and tar files: +diff ./e8ac4b61.0 ../ncsa-gridshib-ca-igtf/e8ac4b61.0 +24,25d23 +< +< +diff ./e8ac4b61.signing_policy ../ncsa-gridshib-ca-igtf/e8ac4b61.signing_policy +4,5d3 +< +< + +Obtained CRL URL from subsequent S/MIME email message from Jim Basney, signed +with the same CACL cert. + +http://ca.ncsa.uiuc.edu/e8ac4b61.r0 + +New GridShib cert: +openssl x509 -subject -fingerprint -sha1 -noout -in e8ac4b61.0 +subject= /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=GridShib CA +SHA1 Fingerprint=48:DE:D1:9E:40:BF:3A:20:2B:A2:F6:F2:85:6A:62:37:5D:E9:AD:E1 +MD5 Fingerprint=3D:6F:CD:C7:C2:E9:B0:DF:F9:0F:B7:28:0F:57:CD:63 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (Darwin) + +iD8DBQFKCzPaYjEf42hR7yYRAgP4AKCWfo4Kgxb2GLOWldO55r9a+e8ZrwCcC/K4 +HyZGK7+1+mZ/FYpUSP7a5NM= +=jt55 +-----END PGP SIGNATURE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_MyProxy_provenance ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_MyProxy_provenance b/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_MyProxy_provenance new file mode 100644 index 0000000..e542bfc --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/NCSA_MyProxy_provenance @@ -0,0 +1,57 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +[ Verify NCSA MyProxy CA, Oct 2009 (mccreary) ] + +MyProxy CA cert obtained from on 07Oct09 from +<https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.31.tar.gz> +Web server presented certificate w/ subject: + + CN = dist.eugridpma.info + O = NIKHEF + OU = PDP +Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5 + +from authority: + + CN = Cybertrust Educational CA + O = Cybertrust + OU = Educational CA + +Valid from 21Feb07 until 21Feb2010 + +Fingerprints: + SHA1 7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24 + MD5 5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D + +Good PGP signature for this tar file was also obtained from +<https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.31.tar.gz.asc> +Signature made with this key: + +pub 1024D/3CDBBC71 2005-07-12 + Key fingerprint = D12E 9228 22BE 64D5 0146 188B C32D 99C8 3CDB BC71 +uid EUGridPMA Distribution Signing Key 3 <[email protected]> + +Unfortunately this key has no signatures, and is not part of the TG security +working group web of trust. + +Extracted the following files from the tar file: +igtf-policy-installation-bundle-1.31/src/accredited/f2e89fe3.0 +igtf-policy-installation-bundle-1.31/src/accredited/f2e89fe3.signing_policy + +Verified that these files match the current files in the TG CA tarball. Also +added the following file to the tarball: + +igtf-policy-installation-bundle-1.31/src/accredited/f2e89fe3.crl_url + +openssl x509 -subject -fingerprint -sha1 -noout -in f2e89fe3.0 +subject= /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=MyProxy +SHA1 Fingerprint=59:99:70:9C:C8:23:C4:0D:7F:3F:C0:80:AB:52:EC:D1:62:F1:5F:3B +MD5 Fingerprint=C5:8B:4C:8C:FA:CB:57:6C:35:E7:96:55:1C:B6:F3:24 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (Darwin) + +iD8DBQFKzQG2YjEf42hR7yYRAh+3AKC1ENwXPn0h+DWw/7uYh9Oy7J+8oQCgpkXW +9w5nZQx9Yui4052Q+xTn2HU= +=piqo +-----END PGP SIGNATURE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/PSC_provenance ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/PSC_provenance b/tools/gsissh-cli-tools/src/main/resources/certificates/PSC_provenance new file mode 100644 index 0000000..a1ed07c --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/PSC_provenance @@ -0,0 +1,78 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +[ Verify new PSC CA, April 2010 (mccreary) ] + +New CA cert tarball obtained on 23Apr2010 vi email from +Derek Simmel <[email protected]>. A good PGP signature for this tar file was +sent in the same email message, using a PGP key I have signed myself. The +signature was made with this key: + +pub 1024D/F2882606 2004-01-12 + Key fingerprint = EC23 8D42 69B3 3EBB 9850 F972 8575 CF80 F288 2606 +uid Derek Simmel <[email protected]> +sub 2048g/DB7D9741 2004-01-12 + +This key has been signed by my own key: + +pub 1024D/6851EF26 2006-05-03 [expire: 2011-05-02] + Key fingerprint = F9E7 8D30 2833 70A8 611A 42C2 6231 1FE3 6851 EF26 +uid Sean McCreary <[email protected]> +sub 2048g/BD594BA4 2006-05-03 [expire: 2011-05-02] + +Extracted the following files from the tar file: +9b88e95b.0 +9b88e95b.crl_url +9b88e95b.psc-root.cadesc +9b88e95b.signing_policy +acc06fda.0 +acc06fda.crl_url +acc06fda.psc-host.cadesc +acc06fda.signing_policy +4b2783ac.0 +4b2783ac.crl_url +4b2783ac.psc-myproxy.cadesc +4b2783ac.signing_policy +4b2783ac.info +4b2783ac.namespaces + +Note that the *.crl_url files refer to the DER-format revocation lists. We +require PEM-format revocation lists, so I have included the alternate URLs +for these files (i.e. I replaced http://foo/bar/XXXXXXXX.crl with +http://foo/bar/XXXXXXXX.r0 in each file). + +9b88e95b already exists in the tarball. I've verified that the CA cert is +identical with the following differences in the signing_policy file: + +openssl x509 -subject -fingerprint -sha1 -noout -in 9b88e95b.0 +subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA +SHA1 Fingerprint=76:14:59:94:16:2B:E2:05:C9:16:3F:85:8E:7C:70:EE:B9:DD:84:50 +MD5 Fingerprint=A4:DC:F4:AB:62:B1:6B:8C:90:78:03:94:A6:8E:B9:5A + +$ diff 9b88e95b.signing_policy ../certificates-/9b88e95b.signing_policy +3c3 +< cond_subjects globus '"/C=US/O=Pittsburgh Supercomputing Center/*"' +- - --- +> cond_subjects globus '"/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Web Services CA"' + +acc06fda also already exists in the tarball. I've verified that the CA cert +and signing_policy files are identical. + +openssl x509 -subject -fingerprint -sha1 -noout -in acc06fda.0 +subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA +SHA1 Fingerprint=6C:CD:19:F1:36:B8:49:01:C4:E4:3B:0B:56:44:9D:58:4B:89:14:88 +MD5 Fingerprint=C7:76:67:51:73:EE:F3:13:FA:12:DA:CB:95:CC:2E:C1 + +4b2783ac is a new addition to the tarball: + +openssl x509 -subject -fingerprint -sha1 -noout -in 4b2783ac.0 +subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC MyProxy CA +SHA1 Fingerprint=F8:13:D4:7B:44:9C:4A:83:CF:E3:A5:59:37:5C:9F:F7:FA:0A:1D:66 +MD5 Fingerprint=21:F7:B4:30:26:C7:49:5E:F3:56:61:D4:73:A3:32:A1 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (Darwin) + +iEYEARECAAYFAkvYfeQACgkQYjEf42hR7yaXOgCeM7u14ay4UI7Q5SJfnNCmsp4i +K+UAn2Hr9KB3ZZ+2HtOVQN/wWGgAkuSL +=BVSC +-----END PGP SIGNATURE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/README.txt ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/README.txt b/tools/gsissh-cli-tools/src/main/resources/certificates/README.txt new file mode 100644 index 0000000..950f4dc --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/README.txt @@ -0,0 +1,422 @@ +CURRENT (as of January 30, 2013) XSEDE APPROVED CAs: + +Revision History +----------------- +1/30/2013 [Added DOEGrids CA S/N 0x47 valid 2002-12-5..2018-01-25 12d0da68.* 1c3f2ca8.*] + +1/28/2013 [Removed expiring UK EScience CA 53729190.* 367b75c3.*, DOE Grids CA 12d0da68.* 1c3f2ca8.*, and SDSC NPACI CA 9117797f.* b89793e4.*] + +1/11/2013 [Removed Decommissioned TACC CAs 9a1da9f9 and f30e4b25] + +11/1/2012 [Removed expired UK EScience CA certs and files 367b75c3.*, corrected filenames and symlinks for UK EScience CA certs] + +8/8/12 [Corrected issues with signing policies of the recently added UK e-science CAs 1b6f5ede and ffc3d59b] + +7/23/12 [Added UK eScienceCA 2A and 2B Files from igtf tarball v1.48] + +4/11/2011 [Added newly TAGPMA accredited NCSA 2-factor SLCS CA (Added to IGTF distribution 3/26/2012).] + +1/4/2012 [Added newly TAGPMA accredited NICS MyProxy CA] + +6/1/2011 [Added KEK GRID CA (TAGPMA Certified)] + +5/4/2011 [Added NERSC CA (TAGPMA Certified)] + +1/25/2011 [Added OpenSSL 1.x hash symbolic links for *.0, *.signing_policy, + *.info, & *.namespaces files on Jan 25 2011] + + +DOE SCIENCE GRID: +----------------- + +Added extended CA certificate (S/N 0x47 valid 2002-12-5..2018-01-25 12d0da68.* 1c3f2ca8.*) 2013-01-30 + +Removed expired CA certificate 2013-01-28 + +[Updated signing certificates (validity dates extended) & signing_policies for DOEGrids and ESnet, and crl_url for ESnet, Nov 3, 2006] +[Updated CRL URL for DOEGrids CA 1, May 1, 2008 (mccreary)] + +1c3f2ca8.0 +/DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1 +1c3f2ca8.crl_url +http://crl.doegrids.org/1c3f2ca8/1c3f2ca8.r0 +1c3f2ca8.signing_policy + +d1b603c3.0 +/DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1 +d1b603c3.crl_url +http://www.es.net/CA/d1b603c3/d1b603c3.r0 +d1b603c3.signing_policy + +IRISGrid (Spain): +----------------- + +9dd23746.0 +DC=es, DC=irisgrid, CN=IRISGridCA +9dd23746.crl_url +http://www.irisgrid.es/pki/crl/cacrl.pem +9dd23746.signing_policy + +NCSA: +----- + +[ Verified 13May09 by mccreary, see NCSA_CACL_provenance for details ] +9b95bbf2.0 +[ Updated 31Jan11 by jbasney with new Not After date: Apr 2027 ] +C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=CACL +http://ca.ncsa.uiuc.edu/9b95bbf2.r0 +9b95bbf2.signing_policy + +[ Updated 31Jan11 by jbasney with new Not After date: Apr 2027 ] +[ Verified 07Oct09 by mccreary, see NCSA_MyProxy_provenance for details ] +f2e89fe3.0 +C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=MyProxy +http://ca.ncsa.uiuc.edu/f2e89fe3.r0 +f2e89fe3.signing_policy + +[ Added 13May09 by mccreary, see NCSA_GridShib_provenance for details ] +e8ac4b61.0 +/C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=GridShib CA +e8ac4b61.crl_url +http://ca.ncsa.uiuc.edu/e8ac4b61.r0 +e8ac4b61.signing_policy + +PITTSBURGH SUPERCOMPUTING CENTER: +--------------------------------- + +[ Verified 23Apr10 by mccreary, see PSC_provenance for details ] +9b88e95b.0 +subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA +9b88e95b.crl_url +http://www.psc.edu/ca/crl/9b88e95b.crl +9b88e95b.psc-root.cadesc +9b88e95b.signing_policy + +[ Verified 23Apr10 by mccreary, see PSC_provenance for details ] +acc06fda.0 +subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA +acc06fda.crl_url +http://www.psc.edu/ca/crl/acc06fda.crl +acc06fda.psc-host.cadesc +acc06fda.signing_policy + +[ Added 23Apr10 by mccreary, see PSC_provenance for details ] +4b2783ac.0 +subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC MyProxy CA +4b2783ac.crl_url +http://www.psc.edu/ca/crl/4b2783ac.crl +4b2783ac.psc-myproxy.cadesc +4b2783ac.signing_policy +4b2783ac.info +4b2783ac.namespaces + +Purdue University: +------------------ + +67e8acfa.0 +/CN=Purdue TeraGrid RA/OU=Purdue TeraGrid/O=Purdue University/ST=Indiana/C=US +67e8acfa.crl_url +http://tg-ca.purdue.teragrid.org:8080/67e8acfa.r0 +67e8acfa.signing_policy + +95009ddc.0 +/CN=PurdueCA/O=Purdue University/ST=Indiana/C=US +95009ddc.crl_url +http://tg-ca.purdue.teragrid.org:8080/95009ddc.r0 +95009ddc.signing_policy + + +SDSC: +----- + +3deda549.0 +/C=US/O=SDSC/OU=SDSC-CA/CN=Certificate Authority/UID=certman +3deda549.crl_url +http://www.sdsc.edu/CA/3deda549.r0 +3deda549.signing_policy + +b89793e4.0 +/C=US/O=NPACI/OU=SDSC/CN=Certificate Manager/UID=certman +b89793e4.crl_url +http://www.npaci.edu/CA/b89793e4.r0 +b89793e4.signing_policy + + +TACC: +----- + +[ New TACC CA currently under review - added now to permit testing ] + +9a1da9f9.0 +/C=US/O=UTAustin/OU=TACC/CN=TACC Certification Authority/UID=caman +9a1da9f9.crl_url +http://www.tacc.utexas.edu/CA/CRL +9a1da9f9.signing_policy + +[ New TACC root and classic CA added, Dec 2008 (mccreary) ] +684261aa.0 +/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Root CA +684261aa.crl_url +http://www.tacc.utexas.edu/CA/684261aa.r0 +684261aa.signing_policy +684261aa.tacc.cadesc +684261aa.tacc.cadesc.sig + +e5cc84c2.0 +/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Classic CA +e5cc84c2.crl_url +http://www.tacc.utexas.edu/CA/e5cc84c2.r0 +e5cc84c2.signing_policy +e5cc84c2.tacc.cadesc +e5cc84c2.tacc.cadesc.sig + +See TACC_provenance for signed statement of certificate origin + +[ Added 13May09 by mccreary, see TACC_MICS_provenance for details ] +2ac09305.0 +/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC MICS CA +2ac09305.crl_url +http://www.tacc.utexas.edu/CA/2ac09305.r0 +2ac09305.signing_policy + +UK E-Science CA: +---------------- + +[ Jan 28, 2013: Removed (again?) EScience CA cert and files 53729190.* 367b75c3.*] + +[ Nov 1, 2012: Removed expired EScience CA cert and files 367b75c3.* ] + +[ Nov 1, 2012: swapped filenames and links for consistency with other CA cert file naming ] + +$ ls -l 877af676.* +lrwxr-xr-x 1 JimMarsteller staff 10 Nov 1 15:30 877af676.0 -> 1b6f5ede.0 +lrwxr-xr-x 1 JimMarsteller staff 16 Nov 1 15:31 877af676.crl_url -> 1b6f5ede.crl_url +lrwxr-xr-x 1 JimMarsteller staff 23 Nov 1 15:30 877af676.signing_policy -> 1b6f5ede.signing_policy +$ ls -l 1b6f5ede.* +-rw-r--r--@ 1 JimMarsteller staff 1367 Jul 11 09:55 1b6f5ede.0 +-rw-r--r--@ 1 JimMarsteller staff 43 Jul 11 10:33 1b6f5ede.crl_url +-rw-r--r--@ 1 JimMarsteller staff 237 Jul 11 09:55 1b6f5ede.signing_policy +$ ls -l 530f7122.* +lrwxr-xr-x 1 JimMarsteller staff 10 Nov 1 15:26 530f7122.0 -> ffc3d59b.0 +lrwxr-xr-x 1 JimMarsteller staff 16 Nov 1 15:28 530f7122.crl_url -> ffc3d59b.crl_url +lrwxr-xr-x 1 JimMarsteller staff 23 Nov 1 15:27 530f7122.signing_policy -> ffc3d59b.signing_policy +$ ls -l ffc3* +-rw-r--r--@ 1 JimMarsteller staff 1367 Jul 11 10:28 ffc3d59b.0 +-rw-r--r--@ 1 JimMarsteller staff 43 Jul 11 10:33 ffc3d59b.crl_url +-rw-r--r--@ 1 JimMarsteller staff 237 Jul 11 10:29 ffc3d59b.signing_policy + +[ addition of UK eScienceCA 2A and 2B, Jul 2012 (fest) ] +Files from igtf tarball v1.48 + +877af676.0 +877af676.signing_policy +530f7122.0 +530f7122.signing_policy + +wget https://dist.eugridpma.info/distribution/igtf/current/https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.48.tar.gz + +added hashes for v1 as well. + +[ removal of old UK eScience certificates and urls, Aug 2008 (shelmire) ] + +Files +adcbc9ef.0 + adcbc9ef.signing_policy + 8175c1cd.0 + 8175c1cd.signing_policy + +have been removed. The host that was holding these certificates may have been compromised. The UK E-Science CA is no longer honoring them. + +[ Replacement UK eScience certificates, May 2008 (mccreary) ] + +Retrieved from +<https://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/> + ca_UKeScienceRoot-2007-1.21.tar.gz + ca_UKeScienceCA-2007-1.21.tar.gz + ca_UKeScienceRoot-1.21.tar.gz + ca_UKeScienceCA-1.21.tar.gz + +on 22May08. Web server presented certificate w/ subject: + + CN = dist.eugridpma.info + O = NIKHEF + OU = PDP +Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5 + +from authority: + + CN = Cybertrust Educational CA + O = Cybertrust + OU = Educational CA + +Valid from 21Feb07 until 21Feb2010 + +Fingerprints: + SHA1 7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24 + MD5 5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D + +Updated: 367b75c3.0 + 367b75c3.signing_policy + 98ef0ee5.0 + 98ef0ee5.signing_policy + +*.crl_url files left unchanged, only difference is .pem extension + +1c1 +< http://ca.grid-support.ac.uk/pub/crl/ca-crl.der +--- +> http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem + +Also verifiedi: adcbc9ef.0 + adcbc9ef.signing_policy + 8175c1cd.0 + 8175c1cd.signing_policy + +Note that *crl_url for these certs also differs in the extension + +1c1 +< http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.crl +--- +> http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem + +[ New UK eScience CAs November 2007 (cab) ] + +367b75c3.0 +subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA +367b75c3.crl_url= http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem +367b75c3.signing_policy + +98ef0ee5.0 +subject= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root +98ef0ee5.crl_url= http://ca.grid-support.ac.uk/pub/crl/root-crl.pem +98ef0ee5.signing_policy + +[ New UK eScience CAs August 2006 ] +[ As of Nov. 27, 2007 No new certificates will be issued by this CA (cab) ] +[ Updated the CRL URL location to point to an unpublished PEM file (cab) ] +8175c1cd.0 +subject= /C=UK/O=eScienceRoot/OU=Authority/L=Root/CN=CA +8175c1cd.crl_url +http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem +8175c1cd.signing_policy + +adcbc9ef.0 +subject= /C=UK/O=eScienceCA/OU=Authority/CN=CA +adcbc9ef.crl_url +http://ca.grid-support.ac.uk/pub/crl/escience-ca-crl.pem +adcbc9ef.signing_policy + +[ UDATED Oct. 16 2007 - updated expired certificate URL (jam) ] +[ REMOVED Oct. 1 2007 - purged expired certificat (cab) ] +[ EXPIRING Aug 4 10:36:41 2007 GMT - no new certificates to be issued after Aug 2006 ] +[ previously approved for limited use until 12/31/2003; re-added for Reality-Grid + users under Bruce Boghosian (Tufts) TeraGrid project 08/18/2004 - dsimmel ] +01621954.0 +/C=UK/O=eScience/OU=Authority/CN=CA/[email protected] +01621954.crl_url +http://ca.grid-support.ac.uk/cgi-bin/importCRL.pem +01621954.signing_policy + + +University of Southern California (USC) CA & KCA: +------------------------------------------------- + +[ added March 2005 to facilitate SCEC project users ] +[ removed January 2011 due to CA certificate expiration (jbasney) ] + +2ca73e82.0 +/C=US/ST=California/L=Los Angeles/O=University of Southern California/CN=University of Southern California PKI-Lite CA, release 1/[email protected] +2ca73e82.crl_url +http://www.usc.edu/isd/services/authx/CA/2ca73e82.r0 +2ca73e82.signing_policy + +[ USC Kerberos Certification Authority only issues short term certs for proxy use + and has no Certificate Revocation List ] + +[ USC KCA v2 service certificate fa9c3452.0 expired March 2, 2006 - the new v3 appears below ] +[ USC KCA v3 service certificate b57985f0.0 expired again on March 2, 2006, removed from the tarball, WJL] +b57985f0.0 +/C=US/ST=California/L=Los Angeles/O=University of Southern California/OU=Information Services Division/CN=University of Southern California KCA v3/[email protected] +b57985f0.signing_policy + + +INFN (Italy) CA: +--------------- + +[ added March 2006 in preparation for user demo at GGF17 Tokyo May 2006 ] +[ removed as it expired Sept. 18, 2007 ] +49f18420.0 +/C=IT/O=INFN/CN=INFN Certification Authority +49f18420.crl_url +http://security.fi.infn.it/CA/crl.pem +49f18420.signing_policy + +[ added on Oct. 1, 2007 to reflect the issuing of a new CA (cab) ] +[ Renamed the CRL URL to reflect an upublished PEM encoded file (cab) ] +[ Updated signing policy, May 1, 2009 (mccreary) ] +2f3fadf6.0 +/C=IT/O=INFN/CN=INFN CA +http://security.fi.infn.it/CA/INFNCA_crl.pem +2f3fadf6.signing_policy + + +Dutch Grid and NIKHEF CA: +------------------------ + +[ added March 2006 in preparation for user demo at GGF17 Tokyo May 2006 ] + +16da7552.0 +/C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth +16da7552.crl_url +http://ca.dutchgrid.nl/medium/cacrl.pem +16da7552.signing_policy + + +AIST (Japan) CA: +--------------- + +[ added March 2006 for GridRPC Materials Science production runs ] + +a317c467.0 +/C=JP/O=AIST/OU=GRID/CN=Certificate Authority +a317c467.crl_url +https://www.apgrid.org/CA/AIST/Production/a317c467.r0 +a317c467.signing_policy + + +NERSC SLCS CA: + +[ Added Apr 27 2011 per TeraGrid Ticket 198964 ] + +$ wget https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz +--2011-04-27 10:37:26-- https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz +Resolving dist.eugridpma.info... 194.171.96.74 +Connecting to dist.eugridpma.info|194.171.96.74|:443... connected. +HTTP request sent, awaiting response... 200 OK +Length: 150942 (147K) [application/x-gzip] +Saving to: `igtf-policy-installation-bundle-1.38.tar.gz' +100%[======================================>] 150,942 223K/s in 0.7s +2011-04-27 10:37:28 (223 KB/s) - `igtf-policy-installation-bundle-1.38.tar.gz' saved [150942/150942] +$ wget https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz.asc +--2011-04-27 10:37:48-- https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz.asc +Resolving dist.eugridpma.info... 194.171.96.74 +Connecting to dist.eugridpma.info|194.171.96.74|:443... connected. +HTTP request sent, awaiting response... 200 OK +Length: 189 [text/plain] +Saving to: `igtf-policy-installation-bundle-1.38.tar.gz.asc' +100%[======================================>] 189 --.-K/s in 0s +2011-04-27 10:37:49 (1.80 MB/s) - `igtf-policy-installation-bundle-1.38.tar.gz.asc' saved [189/189] +$ gpg --verify igtf-policy-installation-bundle-1.38.tar.gz.asc +gpg: Signature made Fri Feb 4 05:14:38 2011 CST using DSA key ID 3CDBBC71 +gpg: Good signature from "EUGridPMA Distribution Signing Key 3 <[email protected]>" +$ tar xfz igtf-policy-installation-bundle-1.38.tar.gz +$ cd igtf-policy-installation-bundle-1.38/src/accredited/ +$ cp NERSC-SLCS.* ~/cvs/repo.teragrid.org/security/certificates +$ cd ~/cvs/repo.teragrid.org/security/certificates/ +$ mv NERSC-SLCS.pem b93d6240.0 +$ mv NERSC-SLCS.info b93d6240.info +$ mv NERSC-SLCS.crl_url b93d6240.crl_url +$ mv NERSC-SLCS.signing_policy b93d6240.signing_policy +$ rm NERSC-SLCS.namespaces +$ ln -s b93d6240.0 20b7db76.0 +$ ln -s b93d6240.signing_policy 20b7db76.signing_policy http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/TACC_MICS_provenance ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/TACC_MICS_provenance b/tools/gsissh-cli-tools/src/main/resources/certificates/TACC_MICS_provenance new file mode 100644 index 0000000..086d591 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/TACC_MICS_provenance @@ -0,0 +1,23 @@ +[ New TACC MICS CA, May 2009 (mccreary) ] + +Obtained CA files from Margaret Murray <[email protected]> on 13May09 +Tar file and detached signature both obtained via email +Signature made with this key: + +pub 2048R/7373DBE8 2008-11-08 + Key fingerprint = 8D4F 371E 8E17 8DA8 8FD4 2DB9 B639 1A0C 7373 DBE8 +uid Margaret Murray <[email protected]> +sub 2048R/407CB31E 2008-11-08 + +Verified the fingerprint of this key via telephone. + +Extracted these files from the tar file: +2ac09305.0 +2ac09305.crl_url +2ac09305.signing_policy + +New MICS cert: +openssl x509 -subject -fingerprint -sha1 -noout -in 2ac09305.0 +subject= /DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC MICS CA +SHA1 Fingerprint=E0:45:7E:E9:FD:E5:08:D9:CA:E0:E6:06:42:97:A0:25:0C:E9:B0:A1 +MD5 Fingerprint=5D:6D:10:ED:FC:F2:FF:24:D6:00:DA:1B:9C:D8:13:80 http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/TACC_provenance ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/TACC_provenance b/tools/gsissh-cli-tools/src/main/resources/certificates/TACC_provenance new file mode 100644 index 0000000..4ad1bfb --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/TACC_provenance @@ -0,0 +1,68 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +[ New TACC certificates, Dec 2008 (mccreary) ] + +Obtained these files from Margaret Murray <[email protected]> on 29Oct08 + Encrypted with CAST5 using a shared secret exchanged by telephone + +e5cc84c2.signing_policy +e5cc84c2.crl_url +e5cc84c2.0 +684261aa.0 +684261aa.crl_url +684261aa.tacc.cadesc + +Updated e5cc84c2.tacc.cadesc obtained from Margaret Murray + <[email protected]> on 10Dec08 + Verified changes via telephone conversation +Updated 684261aa.signing_policy obtained from Margaret Murray + <[email protected]> on 10Dec08 + Only change is a typo fix + +diff 684261aa.signing_policy.OLD 684261aa.signing_policy +4c4 +< cond_subjects globus '"/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/TACC Classic CA" "/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/TACC MICS CA"' +- - --- +> cond_subjects globus '"/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Classic CA" "/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC MICS CA"' + +New certs: +openssl x509 -subject -fingerprint -sha1 -noout -in 684261aa.0 +subject= /DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Root CA +SHA1 Fingerprint=15:2D:FC:BA:13:11:2C:F5:65:53:AC:94:5F:89:2C:B0:E5:F6:BA:A8 +MD5 Fingerprint=01:46:1D:D5:80:60:5A:4B:CB:B3:61:AA:A1:3D:6C:42 + +openssl x509 -subject -fingerprint -sha1 -noout -in e5cc84c2.0 +subject= /DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Classic CA +SHA1 Fingerprint=5B:AE:F7:20:B1:3A:91:4F:1C:FE:8F:AF:5E:ED:48:DB:62:0E:47:65 +MD5 Fingerprint=EA:31:04:07:7B:0A:04:EC:DD:B1:A2:75:29:39:83:98 + +[ Updated cadesc files, June 2010 (mccreary) ] + +Obtained corrected cadesc files from Margaret Murray <[email protected]> +on 29Jun10. Included with the updated cadesc files were detached PGP +signatures of the files: + +684261aa.tacc.cadesc.sig +e5cc84c2.tacc.cadesc.sig + +These signatures were generated with the following key: + +pub 2048R/7373DBE8 2008-11-08 + Key fingerprint = 8D4F 371E 8E17 8DA8 8FD4 2DB9 B639 1A0C 7373 DBE8 +uid Margaret Murray <[email protected]> +sub 2048R/407CB31E 2008-11-08 + +This key has been signed by my own key: + +pub 1024D/6851EF26 2006-05-03 [expire: 2011-05-02] + Key fingerprint = F9E7 8D30 2833 70A8 611A 42C2 6231 1FE3 6851 EF26 +uid Sean McCreary <[email protected]> +sub 2048g/BD594BA4 2006-05-03 [expire: 2011-05-02] +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (Darwin) + +iEYEARECAAYFAkwqUBUACgkQYjEf42hR7yZflACg1lV1LTy++UOEeRcvOAFsnEkZ +zHMAoJ5/pNpdO+12mqZUqa2ol/aWl7HU +=5wFr +-----END PGP SIGNATURE----- http://git-wip-us.apache.org/repos/asf/airavata/blob/ca510447/tools/gsissh-cli-tools/src/main/resources/certificates/UKeScience_provenance ---------------------------------------------------------------------- diff --git a/tools/gsissh-cli-tools/src/main/resources/certificates/UKeScience_provenance b/tools/gsissh-cli-tools/src/main/resources/certificates/UKeScience_provenance new file mode 100644 index 0000000..476f480 --- /dev/null +++ b/tools/gsissh-cli-tools/src/main/resources/certificates/UKeScience_provenance @@ -0,0 +1,137 @@ +[ Removed (again?) expiring UK eScience CA certs 53729190.* 367b75c3.* 2013-01-28 dsimmel ] + +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +[ Updated UK eScience CA certificate, validity extended to March 31, 2013 (jam,dsimmel 2012-11-01) ] + +$ openssl version +OpenSSL 1.0.0-fips 29 Mar 2010 + +$ openssl x509 -in 367b75c3.0 -serial -issuer -subject -dates -hash -subject_hash_old -noout +serial=0121 +issuer= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root +subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA +notBefore=Oct 30 09:00:00 2007 GMT +notAfter=Mar 31 23:59:59 2013 GMT +53729190 +367b75c3 + +[ Replacement UK eScience certificates, May 2008 (mccreary) ] + +Retrieved from +<https://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/> + ca_UKeScienceRoot-2007-1.21.tar.gz + ca_UKeScienceCA-2007-1.21.tar.gz + ca_UKeScienceRoot-1.21.tar.gz + ca_UKeScienceCA-1.21.tar.gz + +on 22May08. Web server presented certificate w/ subject: + + CN = dist.eugridpma.info + O = NIKHEF + OU = PDP +Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5 + +from authority: + + CN = Cybertrust Educational CA + O = Cybertrust + OU = Educational CA + +Valid from 21Feb07 until 21Feb2010 + +Fingerprints: + SHA1 7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24 + MD5 5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D + +Updated certs: +openssl x509 -subject -fingerprint -sha1 -noout -in 367b75c3.0 +subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA +SHA1 Fingerprint=CA:1C:B6:6C:A9:E3:27:4D:F7:3E:A9:EB:6A:33:3F:C1:A2:B1:B8:D7 +MD5 Fingerprint=29:74:27:49:A9:9C:C2:BB:1A:FE:58:BB:02:BE:00:E9 + +openssl x509 -subject -fingerprint -sha1 -noout -in 98ef0ee5.0 +subject= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root +SHA1 Fingerprint=A1:39:B0:F3:04:6C:0B:F9:F5:0A:1B:33:00:06:4F:83:6B:7D:4F:3E +MD5 Fingerprint=0E:4A:28:9B:BB:2C:A2:3E:90:8F:AF:11:A6:8B:BE:9E + +*.signing_policy files have cosmetic differences: + +diff ./367b75c3.signing_policy ../teragrid-certs/367b75c3.signing_policy +1,4c1,14 +< # @(#)$Id: 367b75c3.signing_policy,v 1.1 2007/11/15 21:04:34 pmacvsdg Exp $ +< access_id_CA X509 '/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA' +< pos_rights globus CA:sign +< cond_subjects globus '"/C=UK/O=eScience/*"' +- - --- +> # Signing policy for UK e-Science CA +> # This file should be installed in +> # /etc/grid-security/certificates +> # as <hash>.signing_policy along with +> # the CA certificate as <hash>.<digit> +> # -- here <hash> is the output of +> # openssl x509 -hash -noout -in <certificate> +> # and <digit> is the lowest single (decimal) +> # digit that makes the file unique (in case +> # you have other CA certificates that hash to +> # the same value) +> access_id_CA X509 '/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA' +> pos_rights globus CA:sign +> cond_subjects globus '"/C=UK/O=eScience/*"' +diff ./98ef0ee5.signing_policy ../teragrid-certs/98ef0ee5.signing_policy +1,4c1,14 +< # @(#)$Id: 98ef0ee5.signing_policy,v 1.1 2007/11/15 21:04:34 pmacvsdg Exp $ +< access_id_CA X509 '/C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root' +< pos_rights globus CA:sign +< cond_subjects globus '"/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA"' +- - --- +> # Signing policy for UK e-Science ROOT CA. +> # This file should be installed in +> # /etc/grid-security/certificates +> # as <hash>.signing_policy along with +> # the CA certificate as <hash>.<digit> +> # -- here <hash> is the output of +> # openssl x509 -hash -noout -in <certificate> +> # and <digit> is the lowest single (decimal) +> # digit that makes the file unique (in case +> # you have other CA certificates that hash to +> # the same value) +> access_id_CA X509 '/C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root' +> pos_rights globus CA:sign +> cond_subjects globus '"/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA"' + + +*.crl_url contain different extensions: + +1c1 +< http://ca.grid-support.ac.uk/pub/crl/ca-crl.der +- - --- +> http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem + +Also verified old UKeScience CA and Root certs: + +openssl x509 -subject -fingerprint -sha1 -noout -in adcbc9ef.0 +subject= /C=UK/O=eScienceCA/OU=Authority/CN=CA +SHA1 Fingerprint=0A:E0:5B:0C:64:99:18:2B:4F:FB:15:33:6F:77:33:F9:8E:F2:6D:C7 +MD5 Fingerprint=24:47:F1:F0:BD:1F:3E:E5:AE:4B:55:E9:E3:30:3A:0F + +openssl x509 -subject -fingerprint -sha1 -noout -in 8175c1cd.0 +subject= /C=UK/O=eScienceRoot/OU=Authority/L=Root/CN=CA +SHA1 Fingerprint=88:BF:90:CB:03:C6:10:14:FA:BB:0D:0A:3C:76:DA:D6:6E:21:54:95 +MD5 Fingerprint=A7:AD:F4:F9:37:43:8D:88:B0:EA:50:F9:3F:1E:B0:91 + +Note that *crl_url for these certs also differs in the extension + +1c1 +< http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.crl +- - --- +> http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.8 (Darwin) +Comment: GPGTools - http://gpgtools.org + +iEYEARECAAYFAlCS8voACgkQhXXPgPKIJgbvvgCfWJkk24m0qIcLmQU1795J22ya +fh0AoK/7uerxMR1LhW6603A7CfCHKyuw +=xdW1 +-----END PGP SIGNATURE-----
