[[PageOutline]]

= Trust anchors for GENI aggregates =

This page lists various trust anchors which GENI aggregates can use. There's a section for the authorities that the GPO recommends for all GENI aggregates, and a second section for authorities which some aggregates may want to trust in unusual circumstances.

A note on certificate types:
 * A self-signed SA certificate can be added to an aggregate's list of trusted certificates by itself --- it contains everything the aggregate needs in order to trust that slice authority
 * Trusting the self-signed CA certificate for the GENI clearinghouse should be all that is needed to complete the chain to the clearinghouse's trust root.
 * An SA certificate which was signed by a self-signed CA certificate requires the inclusion of both the SA and the CA certificates.

= Recommended GENI slice authorities =

As of May 2015, the GPO recommends that all GENI aggregates trust the following GENI slice authorities (aka "the GENI cert bundle"), allowing the users at those SAs to use resources at GENI racks, GENI backbone and regional networks, etc.

The table below includes links to the SA certificate file, or to both of the MA and CA certificates, for each trust anchor. You can also download the entire bundle as a [attachment:geni-cert-bundle.tar.gz compressed tar file]. The md5sum for the .tar.gz file itself is b8643cb0a695ff0ce2c6683e1031d133.

|| '''Description'''               || '''Hostname'''         || '''Certificate type''' || '''Certificate Expiration''' || '''!File/Checksum'''                                                        ||
|| GENI clearinghouse              || ch.geni.net            || CA (self-signed)       || 2019-03-23                   || [attachment:cacert.pem 40c979b9477822f353027ab91dc7a296]            ||
|| !PlanetLab Central              || planet-lab.org         || SA (self-signed)       || 2016-09-04                   || [attachment:plc.pem 4f0182127f4d4dc3c553d9d4a9a1a825]                       ||
|| Utah ProtoGENI                  || emulab.net             || CA (self-signed)       || 2020-10-27                   || [attachment:emulab.pem ffee3bd7ff3b7cd16ef1c10087adeee5]                    ||
|| Utah ProtoGENI SA               || N/A                    || SA (signed by Utah CA) || 2020-10-28                   || [attachment:genisa.pem ec934876592590fa9dae926cf72d6e9a]                    ||

Refer to aggregate-specific instructions for how to configure your aggregate to trust a particular certificate.