wiki:GeniTrustAnchors

Version 3 (modified by Josh Smift, 6 years ago) (diff)

--

Trust anchors for GENI aggregates

As of GEC16 (March 2013), the GPO recommends that all GENI aggregates trust the following GENI slice authorities (aka "the GENI cert bundle"), allowing the users at those SAs to use resources at GENI racks, GENI backbone and regional networks, etc.

The table below includes links to the SA certificate file, or to both of the MA and CA certificates, for each trust anchor. You can also download the entire bundle as a compressed tar file, which unpacks into a directory named "geni-cert-bundle", and includes an MD5SUMS file with md5sums for the certs. The md5sum for the .tar.gz file itself is c21e69e57ce3868d4edc302899ffc9f7.

Refer to aggregate-specific instructions for how to configure your aggregate to trust a particular certificate.

A note on certificate types:

  • A self-signed SA certificate can be added to an aggregate's list of trusted certificates by itself --- it contains everything the aggregate needs in order to trust that slice authority
  • MA and CA certificates for a host should be added to an aggregate's list of trusted certificates as a pair --- the MA certificate signs certificates presented by individual experimenters, while the CA is the self-signed certificate needed to complete the chain to a trust root.
Description Hostname Certificate type Certificate Expiration File/Checksum
GENI clearinghouse ch.geni.net CA (self-signed) 2018-05-19 40c979b9477822f353027ab91dc7a296
GENI clearinghouse ch.geni.net MA (signed by CA) 2018-05-19 ffc8b06bd198a429245f7ef9eedaa3fb
Utah ProtoGENI emulab.net SA (self-signed) 2015-05-25 e9e6389938d71fed6ab8d667ac91f60a
PlanetLab Central planet-lab.org SA (self-signed) 2016-09-04 4f0182127f4d4dc3c553d9d4a9a1a825
GPO legacy slice authority pgeni.gpolab.bbn.com SA (self-signed) 2015-11-18 0155aa4bcbb6326651d279adc458d2ed

The following certificates are not part of the GENI bundle, but are provided on this page as well because aggregate operators may find them useful for specific projects. They are not recommended unless you have a particular need for them.

Description Hostname Certificate type Certificate Expiration File/Checksum
GPO clearinghouse (development) panther.gpolab.bbn.com CA (self-signed) 2013-06-20 2d75562db1d4979aa6d7618c1137f11a
GPO clearinghouse (development) panther.gpolab.bbn.com MA (signed by CA) 2013-06-20 027f54c99cb249b3f138a8aa5ca97472

Attachments (7)

Download all attachments as: .zip