wiki:GeniTrustAnchors

Version 25 (modified by Hussamuddin Nasir, 4 years ago) (diff)

--

Trust anchors for GENI aggregates

This page lists various trust anchors which GENI aggregates can use. There's a section for the authorities that the GPO recommends for all GENI aggregates, and a second section for authorities which some aggregates may want to trust in unusual circumstances.

A note on certificate types:

  • A self-signed SA certificate can be added to an aggregate's list of trusted certificates by itself --- it contains everything the aggregate needs in order to trust that slice authority
  • Trusting the self-signed CA certificate for the GENI clearinghouse should be all that is needed to complete the chain to the clearinghouse's trust root.
  • An SA certificate which was signed by a self-signed CA certificate requires the inclusion of both the SA and the CA certificates.

Recommended GENI slice authorities

As of May 2015, the GPO recommends that all GENI aggregates trust the following GENI slice authorities (aka "the GENI cert bundle"), allowing the users at those SAs to use resources at GENI racks, GENI backbone and regional networks, etc.

The table below includes links to the certificate file for each trust anchor.

Description Hostname Certificate type Certificate Expiration File/Checksum
GENI Clearinghouse ch.geni.net CA (self-signed) 2023-10-22 01a0938e74de99fb01e6a2c5b803679a
GENI Slice Authority(SA) N/A CA (self-signed) 2023-10-22 0bac62615d5c6df2408629b3a1881222
GENI Member Authority(MA) N/A CA (self-signed) 2023-10-22 f17373fb37329629ba325f5850c23fda
Utah ProtoGENI emulab.net CA (self-signed) 2020-10-27 ffee3bd7ff3b7cd16ef1c10087adeee5
Utah ProtoGENI SA N/A SA (signed by Utah CA) 2020-10-28 6d7231420e411d51cb18d44d16a6f863
Fed4FIRE/imec authority portal.fed4fire.eu / account.ilabt.imec.be CA (self-signed) 2119-12-31 72e6804aa1f336eab556e64dd1742abc

You can also download the entire bundle as a compressed tar file. The md5sum for the .tar.gz file itself is 29bfb0a5698404ead32429382c8f47d4 . Refer to aggregate-specific instructions for how to configure your aggregate to trust a particular certificate.

Attachments (10)

Download all attachments as: .zip