Changes between Version 4 and Version 5 of GeniTrustAnchors


Ignore:
Timestamp:
07/21/13 08:46:41 (7 years ago)
Author:
chaos@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GeniTrustAnchors

    v4 v5  
    1111A note on certificate types:
    1212 * A self-signed SA certificate can be added to an aggregate's list of trusted certificates by itself --- it contains everything the aggregate needs in order to trust that slice authority
    13  * MA and CA certificates for a host should be added to an aggregate's list of trusted certificates as a pair --- the MA certificate signs certificates presented by individual experimenters, while the CA is the self-signed certificate needed to complete the chain to a trust root.
     13 * MA and CA certificates for a host can be used as a pair --- the MA certificate signs certificates presented by individual experimenters, while the CA is the self-signed certificate needed to complete the chain to a trust root.  For most GENI aggregates, you need only install the CA cert, and the entire chain will be trusted.  However, we provide the MA cert as well in case any aggregates need both, and installing both should be harmless.
    1414
    1515|| '''Description'''               || '''Hostname'''         || '''Certificate type''' || '''Certificate Expiration''' || '''File/Checksum'''                                                         ||