Changes between Version 5 and Version 6 of GeniTrustAnchors


Ignore:
Timestamp:
08/29/13 13:22:34 (6 years ago)
Author:
Josh Smift
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GeniTrustAnchors

    v5 v6  
    33= Trust anchors for GENI aggregates =
    44
    5 As of GEC16 (March 2013), the GPO recommends that all GENI aggregates trust the following GENI slice authorities (aka "the GENI cert bundle"), allowing the users at those SAs to use resources at GENI racks, GENI backbone and regional networks, etc.
    6 
    7 The table below includes links to the SA certificate file, or to both of the MA and CA certificates, for each trust anchor. You can also download the entire bundle as a [attachment:geni-cert-bundle.tar.gz compressed tar file], which unpacks into a directory named "geni-cert-bundle", and includes an MD5SUMS file with md5sums for the certs. The md5sum for the .tar.gz file itself is c21e69e57ce3868d4edc302899ffc9f7.
    8 
    9 Refer to aggregate-specific instructions for how to configure your aggregate to trust a particular certificate.
     5This page lists various trust anchors which GENI aggregates can use. There's a section for the authorities that the GPO recommends for all GENI aggregates, and a second section for authorities which some aggregates may want to trust in unusual circumstances.
    106
    117A note on certificate types:
    128 * A self-signed SA certificate can be added to an aggregate's list of trusted certificates by itself --- it contains everything the aggregate needs in order to trust that slice authority
    139 * MA and CA certificates for a host can be used as a pair --- the MA certificate signs certificates presented by individual experimenters, while the CA is the self-signed certificate needed to complete the chain to a trust root.  For most GENI aggregates, you need only install the CA cert, and the entire chain will be trusted.  However, we provide the MA cert as well in case any aggregates need both, and installing both should be harmless.
     10
     11= Recommended GENI slice authorities =
     12
     13As of March 2013, the GPO recommends that all GENI aggregates trust the following GENI slice authorities (aka "the GENI cert bundle"), allowing the users at those SAs to use resources at GENI racks, GENI backbone and regional networks, etc.
     14
     15The table below includes links to the SA certificate file, or to both of the MA and CA certificates, for each trust anchor. You can also download the entire bundle as a [attachment:geni-cert-bundle.tar.gz compressed tar file], which unpacks into a directory named "geni-cert-bundle", and includes an MD5SUMS file with md5sums for the certs. The md5sum for the .tar.gz file itself is c21e69e57ce3868d4edc302899ffc9f7.
    1416
    1517|| '''Description'''               || '''Hostname'''         || '''Certificate type''' || '''Certificate Expiration''' || '''File/Checksum'''                                                         ||
     
    2022|| GPO legacy slice authority      || pgeni.gpolab.bbn.com   || SA (self-signed)       || 2015-11-18                   || [attachment:pgeni.gpolab.bbn.com.pem 0155aa4bcbb6326651d279adc458d2ed]      ||
    2123
     24Refer to aggregate-specific instructions for how to configure your aggregate to trust a particular certificate.
     25
     26= Other GENI slice authorities =
     27
     28Most aggregates will not want to trust the following additional slice authorities, but there may be some unusual circumstances where some might. The GPO '''does not recommend that GENI aggregates trust these authorities''' except when there's a specific concrete reason for a particular aggregate to do so.
     29
     30The table below includes links to the SA certificate file, or to both of the MA and CA certificates, for each trust anchor.
     31
     32|| '''Description'''               || '''Hostname'''         || '''Certificate type''' || '''Certificate Expiration''' || '''File/Checksum'''                                                         ||
     33|| GPO staging clearinghouse       || ch1.gpolab.bbn.com     || CA (self-signed)       || 2018-06-11                   || [attachment:ch1.gpolab.bbn.com-ca.pem 8a5e7c9194522ec79c6db2efeaa44569]     ||
     34
     35Refer to aggregate-specific instructions for how to configure your aggregate to trust a particular certificate.