airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ami...@apache.org
Subject svn commit: r1514450 [3/4] - in /airavata/sandbox/gsissh: certificates/ src/test/java/org/apache/airavata/gsi/ssh/impl/
Date Thu, 15 Aug 2013 19:29:11 GMT
Added: airavata/sandbox/gsissh/certificates/9b88e95b.0
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9b88e95b.0?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9b88e95b.0 (added)
+++ airavata/sandbox/gsissh/certificates/9b88e95b.0 Thu Aug 15 19:29:07 2013
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Pittsburgh Supercomputing Center, CN=PSC Root CA
+        Validity
+            Not Before: Aug 17 16:46:13 2006 GMT
+            Not After : Mar 17 05:00:00 2016 GMT
+        Subject: C=US, O=Pittsburgh Supercomputing Center, CN=PSC Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d0:d7:21:a6:fd:53:92:ad:4d:86:95:5b:c3:21:
+                    02:b1:8e:67:22:c5:04:cd:8a:b8:03:66:20:76:12:
+                    70:77:8e:78:a6:79:04:e3:cb:2b:ed:cb:6a:16:5d:
+                    fe:24:4c:c3:19:8a:ad:9b:be:ce:7a:26:65:3f:04:
+                    db:3d:81:cc:92:91:ae:0a:9c:b1:a5:72:c3:45:0a:
+                    0b:01:01:af:2f:50:f8:6d:ef:c7:1a:8d:8c:c6:39:
+                    71:c5:dd:41:9f:f8:56:06:17:d0:14:b4:64:51:ab:
+                    00:b9:c0:6d:d0:3a:42:1c:4f:3e:1d:fa:f5:77:41:
+                    bc:7e:02:20:62:e4:6d:33:02:73:17:f8:31:e0:47:
+                    f7:8b:fe:20:4e:38:ca:b8:ff:eb:2f:68:e3:17:cb:
+                    7b:ca:41:f6:e5:a9:9d:b5:4c:37:09:f3:fc:58:2e:
+                    a8:ef:43:5a:78:af:c3:05:56:32:00:55:80:fc:6c:
+                    8c:15:bb:b6:25:f6:6d:e3:21:05:4b:ad:53:15:7f:
+                    5b:39:c8:f2:f6:b5:b3:13:36:dc:15:fd:57:39:74:
+                    4b:9c:bd:8e:04:23:7c:34:4e:2e:3a:de:32:c7:45:
+                    dd:e6:37:de:52:3a:2c:b3:58:71:cc:3e:3a:e0:0c:
+                    3e:0b:59:a0:03:d1:b4:35:8c:ac:8e:51:56:40:5c:
+                    21:57
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                08:4A:92:96:A5:B0:0B:1D:9F:D9:2F:E9:52:7D:19:97:CF:80:6A:41
+            X509v3 Authority Key Identifier: 
+                keyid:08:4A:92:96:A5:B0:0B:1D:9F:D9:2F:E9:52:7D:19:97:CF:80:6A:41
+                DirName:/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA
+                serial:01
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha1WithRSAEncryption
+        8f:fd:1a:5a:43:e7:da:52:06:07:e6:dd:c9:92:b3:ca:b8:58:
+        70:75:1a:4a:89:b3:15:c2:0d:f2:40:50:31:32:d6:aa:04:0e:
+        7f:62:59:a2:2b:96:3e:bd:4d:ec:2f:f5:3e:cc:0b:14:39:b5:
+        e0:fc:cd:7d:c7:24:b4:bc:ec:21:20:41:be:25:f3:91:ed:57:
+        ac:8c:62:6e:32:a5:5b:c8:e1:43:46:76:e0:e2:16:a1:32:a9:
+        c4:17:25:5a:9e:2c:9a:af:83:0c:4b:28:6a:72:a3:29:dc:b3:
+        91:c4:b4:f3:ea:3a:99:7c:64:e7:a3:a4:db:f1:47:2f:f0:68:
+        b5:4b:09:6b:27:e3:95:22:d8:05:d6:89:08:f5:7e:56:2c:b6:
+        ab:79:62:0d:76:56:74:0d:c8:c2:25:fe:5e:7e:de:45:35:92:
+        54:55:5d:eb:a3:37:80:85:87:12:c6:bd:de:23:6a:58:3b:0e:
+        36:69:02:85:2a:cf:ee:f1:5c:be:b4:95:84:e3:3b:a5:58:f9:
+        47:ac:de:2a:10:60:16:ac:4f:dc:2e:8c:73:51:88:4a:5d:8c:
+        9e:36:84:9f:ea:92:14:32:0d:9a:96:d7:34:8a:d2:fd:61:e5:
+        a8:28:62:c4:b5:ba:22:9c:11:37:0a:08:dc:5e:a0:d0:82:67:
+        33:fd:ec:a8
+-----BEGIN CERTIFICATE-----
+MIID0zCCArugAwIBAgIBATANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEp
+MCcGA1UEChMgUGl0dHNidXJnaCBTdXBlcmNvbXB1dGluZyBDZW50ZXIxFDASBgNV
+BAMTC1BTQyBSb290IENBMB4XDTA2MDgxNzE2NDYxM1oXDTE2MDMxNzA1MDAwMFow
+TjELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIFBpdHRzYnVyZ2ggU3VwZXJjb21wdXRp
+bmcgQ2VudGVyMRQwEgYDVQQDEwtQU0MgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBANDXIab9U5KtTYaVW8MhArGOZyLFBM2KuANmIHYScHeO
+eKZ5BOPLK+3LahZd/iRMwxmKrZu+znomZT8E2z2BzJKRrgqcsaVyw0UKCwEBry9Q
++G3vxxqNjMY5ccXdQZ/4VgYX0BS0ZFGrALnAbdA6QhxPPh369XdBvH4CIGLkbTMC
+cxf4MeBH94v+IE44yrj/6y9o4xfLe8pB9uWpnbVMNwnz/FguqO9DWnivwwVWMgBV
+gPxsjBW7tiX2beMhBUutUxV/WznI8va1sxM23BX9Vzl0S5y9jgQjfDROLjreMsdF
+3eY33lI6LLNYccw+OuAMPgtZoAPRtDWMrI5RVkBcIVcCAwEAAaOBuzCBuDAdBgNV
+HQ4EFgQUCEqSlqWwCx2f2S/pUn0Zl8+AakEwdgYDVR0jBG8wbYAUCEqSlqWwCx2f
+2S/pUn0Zl8+AakGhUqRQME4xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBQaXR0c2J1
+cmdoIFN1cGVyY29tcHV0aW5nIENlbnRlcjEUMBIGA1UEAxMLUFNDIFJvb3QgQ0GC
+AQEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEF
+BQADggEBAI/9GlpD59pSBgfm3cmSs8q4WHB1GkqJsxXCDfJAUDEy1qoEDn9iWaIr
+lj69Tewv9T7MCxQ5teD8zX3HJLS87CEgQb4l85HtV6yMYm4ypVvI4UNGduDiFqEy
+qcQXJVqeLJqvgwxLKGpyoyncs5HEtPPqOpl8ZOejpNvxRy/waLVLCWsn45Ui2AXW
+iQj1flYstqt5Yg12VnQNyMIl/l5+3kU1klRVXeujN4CFhxLGvd4jalg7DjZpAoUq
+z+7xXL60lYTjO6VY+Ues3ioQYBasT9wujHNRiEpdjJ42hJ/qkhQyDZqW1zSK0v1h
+5agoYsS1uiKcETcKCNxeoNCCZzP97Kg=
+-----END CERTIFICATE-----

Added: airavata/sandbox/gsissh/certificates/9b88e95b.crl_url
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9b88e95b.crl_url?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9b88e95b.crl_url (added)
+++ airavata/sandbox/gsissh/certificates/9b88e95b.crl_url Thu Aug 15 19:29:07 2013
@@ -0,0 +1 @@
+http://www.psc.edu/ca/crl/9b88e95b.r0

Added: airavata/sandbox/gsissh/certificates/9b88e95b.psc-root.cadesc
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9b88e95b.psc-root.cadesc?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9b88e95b.psc-root.cadesc (added)
+++ airavata/sandbox/gsissh/certificates/9b88e95b.psc-root.cadesc Thu Aug 15 19:29:07 2013
@@ -0,0 +1,15 @@
+CA_NAME             PSC Root Certificate Authority
+HOMEPAGE            http://www.psc.edu/ca/
+CONTACT             ca-admin@psc.edu
+HASH                9b88e95b
+# SIGNED_BY           self
+SUBJECT             /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA
+MAY_SIGN            /C=US/O=Pittsburgh Supercomputing Center/*
+CERTIFICATE_MD5     A4:DC:F4:AB:62:B1:6B:8C:90:78:03:94:A6:8E:B9:5A
+CERTIFICATE_SHA1    76:14:59:94:16:2B:E2:05:C9:16:3F:85:8E:7C:70:EE:B9:DD:84:50
+CERTIFICATE_URL     http://www.psc.edu/ca/cert/9b88e95b.0
+SIGNING_POLICY_URL  http://www.psc.edu/ca/cert/9b88e95b.signing_policy
+CRL_URL             http://www.psc.edu/ca/crl/9b88e95b.r0
+# CERT_BEGINS         Thu 2006-08-17 16:46:13 UTC
+CERT_EXPIRES        Thu 2016-03-17 05:00:00 UTC
+

Added: airavata/sandbox/gsissh/certificates/9b88e95b.signing_policy
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9b88e95b.signing_policy?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9b88e95b.signing_policy (added)
+++ airavata/sandbox/gsissh/certificates/9b88e95b.signing_policy Thu Aug 15 19:29:07 2013
@@ -0,0 +1,3 @@
+ access_id_CA      X509         '/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA'
+ pos_rights        globus       CA:sign
+ cond_subjects     globus       '"/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Web Services CA"'

Added: airavata/sandbox/gsissh/certificates/9b95bbf2.0
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9b95bbf2.0?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9b95bbf2.0 (added)
+++ airavata/sandbox/gsissh/certificates/9b95bbf2.0 Thu Aug 15 19:29:07 2013
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzjCCAragAwIBAgIBADANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJVUzE4
+MDYGA1UEChMvTmF0aW9uYWwgQ2VudGVyIGZvciBTdXBlcmNvbXB1dGluZyBBcHBs
+aWNhdGlvbnMxIDAeBgNVBAsTF0NlcnRpZmljYXRlIEF1dGhvcml0aWVzMQ0wCwYD
+VQQDEwRDQUNMMB4XDTA3MDQyNDE5MjMxOFoXDTI3MDQyNDE5MjMxOFoweDELMAkG
+A1UEBhMCVVMxODA2BgNVBAoTL05hdGlvbmFsIENlbnRlciBmb3IgU3VwZXJjb21w
+dXRpbmcgQXBwbGljYXRpb25zMSAwHgYDVQQLExdDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dGllczENMAsGA1UEAxMEQ0FDTDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAMphpcSwjIJX1bIAo2TIvsi7o10LNneEqnT0MtpoXBWsXu0eS7ax3yZMO46q
+RPxLgm6BVa7CIwzQ/CuNOP8RjrZdts9VTejwV/CujVQ63B5UZUbIbV9MPG2MRt2b
+4rm3fnjKJQ2jK8AFybZ0JqtK1xVFqkTla6mAvp/C1Z7XBWnZrGtoOttNU2EdKQlv
+BcTxrtgQklNHmH8TSnhpc3PG0MKeMyG06Hu+4HMPPKamJtwXh4Dq0rtIYDVvHdCw
+Ymnag9XAaMMI9Gl9vSpGzsHz2uJJ0qc0TeatgBNVgFOf6qvO40ByKLIZ7rsR4lkM
+pQmIiCYfRbjEME1yPPwKI28o66ECAwEAAaNjMGEwHQYDVR0OBBYEFLFflv/hqTeo
+cXgjPOFT7eiZuxm3MB8GA1UdIwQYMBaAFLFflv/hqTeocXgjPOFT7eiZuxm3MA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IB
+AQDCA9SOVNKMhlEJQcMTkgj7fZvUGqcb/ST50IAaaq+5AAEocUdyC9QPuXYzFilf
+aCdEvk3uSjdFdIHPjAr6eu/zOtXanhNFGPPsJX+9WOMNP8qcirVYex3VSSclqiCA
++PjbdC4AecfgrEnUOQFEJ7xexa7l7OOvwUfbVPp0B9R6DqCZAVShgLdu1Ce5JUZL
+A26lVMmukVUWUZkuyzDTuBQwCssw0+oab4fyuTnBmRTRGAp/Fgdne9wWDMEqrhak
+vFiAa0lMYGI2U+qYVrKUzAR+Do8LWKawkko7bHRWj/yibbctkGzMGrq6ZQcHokZi
+yZEU14uKctMk7IJGnn0Lm6DQ
+-----END CERTIFICATE-----

Added: airavata/sandbox/gsissh/certificates/9b95bbf2.crl_url
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9b95bbf2.crl_url?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9b95bbf2.crl_url (added)
+++ airavata/sandbox/gsissh/certificates/9b95bbf2.crl_url Thu Aug 15 19:29:07 2013
@@ -0,0 +1 @@
+http://ca.ncsa.uiuc.edu/9b95bbf2.r0

Added: airavata/sandbox/gsissh/certificates/9b95bbf2.signing_policy
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9b95bbf2.signing_policy?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9b95bbf2.signing_policy (added)
+++ airavata/sandbox/gsissh/certificates/9b95bbf2.signing_policy Thu Aug 15 19:29:07 2013
@@ -0,0 +1,3 @@
+access_id_CA   X509    '/C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=CACL'
+pos_rights     globus  CA:sign
+cond_subjects  globus  '"/C=US/O=National Center for Supercomputing Applications/OU=Services/CN=*" "/C=US/O=National Center for Supercomputing Applications/OU=People/CN=*"'

Added: airavata/sandbox/gsissh/certificates/9c3efee6.0
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9c3efee6.0?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9c3efee6.0 (added)
+++ airavata/sandbox/gsissh/certificates/9c3efee6.0 Thu Aug 15 19:29:07 2013
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID4jCCAsqgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UEBhMCVVMx
+ODA2BgNVBAoTL05hdGlvbmFsIENlbnRlciBmb3IgU3VwZXJjb21wdXRpbmcgQXBw
+bGljYXRpb25zMSAwHgYDVQQLExdDZXJ0aWZpY2F0ZSBBdXRob3JpdGllczEWMBQG
+A1UEAxMNVHdvIEZhY3RvciBDQTAeFw0xMjAyMDMxNzUzMzFaFw0zMjAyMDIxNzUz
+MzFaMIGBMQswCQYDVQQGEwJVUzE4MDYGA1UEChMvTmF0aW9uYWwgQ2VudGVyIGZv
+ciBTdXBlcmNvbXB1dGluZyBBcHBsaWNhdGlvbnMxIDAeBgNVBAsTF0NlcnRpZmlj
+YXRlIEF1dGhvcml0aWVzMRYwFAYDVQQDEw1Ud28gRmFjdG9yIENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNeW92XMV6Y2LrMQIHnMHSsIEBNmozCH
+LKvH0rl21dfiYAUHHAdW+i85D77cFevhOlLhNvly2lSKBrD3qoj5eCzFCOrOh+ZC
+84MFN/vTQu2EqkkEHYflqb2RbseNw4ad1RIr4hVgwLGXHO3w5AIdKi4rPxhCIinS
+geIPJ6kG/lYLzpcXjUZsNS9XVWatkXWtfA3dblP4LbUKsKs+FVhEn+9jMTwlNQ63
+nMPecBNA5PCyvS8MPY1gtz/bMQKtWLFDleoxgvaEK8YBZVHO4wc7xobSNgIf37+H
+3U990zlrx/4p08XDBcH8AGXQiUnAGHmryNOFooEKnsP25Gb7rR5APQIDAQABo2Mw
+YTAdBgNVHQ4EFgQUIuSlGVh1aOUfIAj5K/9uCpc2pJ4wHwYDVR0jBBgwFoAUIuSl
+GVh1aOUfIAj5K/9uCpc2pJ4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQEFBQADggEBADjv8yARi4A6GJ4KQcYT9/2fFQi+xWxI8916
+/JuAwya+5Oco5bV6hkTVWfjRYMbdwHXp8sH7aXDduftbqRwDcplyXlEShAEsnAfX
+tGj1+xRSDTXYS+FMdCYu+zZdHDMRuihFlU1k30JNJ4yIKnW46efaRP2OnLQkPRud
+pKQtH1vQbwo/MADCT9o+/RSVzMYxV+Ue/F2YJcEWnxawxFzpnUxYWIkQ642mOCGu
+XY2x6jEgmZy1ryYaajz+m2E2P0Y42HiL6atz1Wc9V8CP0BANbX89OLFkAgevLMl0
+GIWBVq58rul9OB9nXs24m1JKWVP+N60FMf6W4eX6J1tLKi9OjiY=
+-----END CERTIFICATE-----

Added: airavata/sandbox/gsissh/certificates/9c3efee6.crl_url
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9c3efee6.crl_url?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9c3efee6.crl_url (added)
+++ airavata/sandbox/gsissh/certificates/9c3efee6.crl_url Thu Aug 15 19:29:07 2013
@@ -0,0 +1 @@
+http://ca.ncsa.illinois.edu/679cff61.r0

Added: airavata/sandbox/gsissh/certificates/9c3efee6.info
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9c3efee6.info?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9c3efee6.info (added)
+++ airavata/sandbox/gsissh/certificates/9c3efee6.info Thu Aug 15 19:29:07 2013
@@ -0,0 +1,8 @@
+alias = NCSA-tfca
+url = https://security.ncsa.illinois.edu/CA/
+ca_url =  https://security.ncsa.illinois.edu/CA/679cff61.0
+crl_url = http://ca.ncsa.illinois.edu/679cff61.r0
+email = security@ncsa.illinois.edu
+status =  accredited:slcs
+version = @VERSION@
+sha1fp.0 = @SHA1FP.0@

Added: airavata/sandbox/gsissh/certificates/9c3efee6.signing_policy
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9c3efee6.signing_policy?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9c3efee6.signing_policy (added)
+++ airavata/sandbox/gsissh/certificates/9c3efee6.signing_policy Thu Aug 15 19:29:07 2013
@@ -0,0 +1,3 @@
+access_id_CA   X509    '/C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=Two Factor CA'
+pos_rights     globus  CA:sign
+cond_subjects  globus  '/C=US/O=National Center for Supercomputing Applications/CN=*'

Added: airavata/sandbox/gsissh/certificates/9dd23746.0
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9dd23746.0?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9dd23746.0 (added)
+++ airavata/sandbox/gsissh/certificates/9dd23746.0 Thu Aug 15 19:29:07 2013
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFlDCCBHygAwIBAgIBADANBgkqhkiG9w0BAQUFADBDMRIwEAYKCZImiZPyLGQB
+GRYCZXMxGDAWBgoJkiaJk/IsZAEZFghpcmlzZ3JpZDETMBEGA1UEAxMKSVJJU0dy
+aWRDQTAeFw0wNTA2MjgwNTAyMjhaFw0xNTA2MjYwNTAyMjhaMEMxEjAQBgoJkiaJ
+k/IsZAEZFgJlczEYMBYGCgmSJomT8ixkARkWCGlyaXNncmlkMRMwEQYDVQQDEwpJ
+UklTR3JpZENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CQiWlff
+ajoMSTuismKqLQ+Mt33Tq4bBpCZvCBXhqan1R0ksILPtK1L7C8QWqPk6AZZpuNmY
+cNVtJGc8ksgDWvX0EB3GKwZTZ8RrSRlSEe9Otq+Ur7S9uxM1JMmCr6zZTMFANzBS
+4btnduV78C09IhFYG4OW8IPhNrbfPaeOR+PRPAa/qdSONAwTrM1sZkIvGpAkBWM6
+Pn7TK9BAK6GLvwgii780fWj3Cwgmp8EDCTievBbWj+z8/apMEy9R0vyB2dWNNCnk
+6q8VvrjgMsJt33O3BqOoBuZ8R/SS9OFWLFSU3s7cfrRaUSJk/Mx8OGFizRkcXSzX
+0Nidcg7hX5i78wIDAQABo4ICkTCCAo0wDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUnUJkLlupXvH/bMg8NtPxtkOYrRowawYDVR0jBGQwYoAUnUJkLlupXvH/bMg8
+NtPxtkOYrRqhR6RFMEMxEjAQBgoJkiaJk/IsZAEZFgJlczEYMBYGCgmSJomT8ixk
+ARkWCGlyaXNncmlkMRMwEQYDVQQDEwpJUklTR3JpZENBggEAMA4GA1UdDwEB/wQE
+AwIBxjARBglghkgBhvhCAQEEBAMCAAcwOwYJYIZIAYb4QgENBC4WLElSSVNHcmlk
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IENlcnRpZmljYXRlMIGZBgNVHR8EgZEw
+gY4wLqAsoCqGKGh0dHA6Ly93d3cuaXJpc2dyaWQuZXMvcGtpL2NybC9jYWNybC5w
+ZW0wXKBaoFiGVmxkYXA6Ly9sZGFwLmlyaXNncmlkLmVzOjEzODAvY249SVJJU0dy
+aWRDQSxkYz1pcmlzZ3JpZCxkYz1lcz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0
+MDcGCWCGSAGG+EIBAwQqFihodHRwOi8vd3d3LmlyaXNncmlkLmVzL3BraS9jcmwv
+Y2FjcmwucGVtME4GCWCGSAGG+EIBCARBFj9odHRwOi8vd3d3LmlyaXNncmlkLmVz
+L3BraS9wb2xpY3kvMS4zLjYuMS40LjEuNzU0Ny4yLjIuNC4xLjEuMS8waQYDVR0g
+BGIwYDBeBg0rBgEEAbp7AgIEAQEBME0wSwYIKwYBBQUHAgEWP2h0dHA6Ly93d3cu
+aXJpc2dyaWQuZXMvcGtpL3BvbGljeS8xLjMuNi4xLjQuMS43NTQ3LjIuMi40LjEu
+MS4xLzANBgkqhkiG9w0BAQUFAAOCAQEAaqRfyLER+P2QOZLLdz66m7FGsgtFsAEx
+wiNrIChFWfyHVZG7Ph1fn/GDD5LMsrU23lx3NBN5/feHuut1XNYKNs8vtV07D70r
+DKjUlPbmWV0B+/GDxe1FDGop/tKQfyHSUaBuauXChFU/2INu5lhBerNl7QxNJ1ws
+cWGiT7R+L/2EjgzWgH1V/0zmIOMep6kY7MUs8rlyF0O5MNFs232cA1trl9kvhAGU
+9p58Enf5DWMrh17SPH586yIJeiWZtPez9G54ftY+XIqfn0X0zso0dnoXNJQYS043
+/5vSnoHdRx/EmN8yjeEavZtC48moN0iJ38eB44uKgCD77rZW5s1XqA==
+-----END CERTIFICATE-----

Added: airavata/sandbox/gsissh/certificates/9dd23746.crl_url
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9dd23746.crl_url?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9dd23746.crl_url (added)
+++ airavata/sandbox/gsissh/certificates/9dd23746.crl_url Thu Aug 15 19:29:07 2013
@@ -0,0 +1 @@
+http://www.irisgrid.es/pki/crl/cacrl.pem

Added: airavata/sandbox/gsissh/certificates/9dd23746.signing_policy
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/9dd23746.signing_policy?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/9dd23746.signing_policy (added)
+++ airavata/sandbox/gsissh/certificates/9dd23746.signing_policy Thu Aug 15 19:29:07 2013
@@ -0,0 +1,5 @@
+# @(#)$Id: 9dd23746.signing_policy,v 1.2 2006/03/02 11:40:46 pmacvsdg Exp $
+#
+ access_id_CA      X509         '/DC=es/DC=irisgrid/CN=IRISGridCA'
+ pos_rights        globus        CA:sign
+ cond_subjects     globus       '"/DC=es/DC=irisgrid/*"'

Added: airavata/sandbox/gsissh/certificates/CHECKSUM.MD5
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/CHECKSUM.MD5?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/CHECKSUM.MD5 (added)
+++ airavata/sandbox/gsissh/certificates/CHECKSUM.MD5 Thu Aug 15 19:29:07 2013
@@ -0,0 +1,86 @@
+MD5 (16da7552.0) = 80185f9098632a28f967396c76104f1a
+MD5 (16da7552.crl_url) = 134e5f1d879b373c99a61af9ce4684ae
+MD5 (16da7552.signing_policy) = c614c9de953678c8f2272aa47a6ee66d
+MD5 (1c3f2ca8.0) = 2accd5643b1809ffc8f7dd0c064e1218
+MD5 (1c3f2ca8.crl_url) = 40220f1f3f1e4e6f4acef77b2a35a803
+MD5 (1c3f2ca8.signing_policy) = fb2b2f10d7eea2fca0efca6f40c6a129
+MD5 (2ac09305.0) = eb54581304689b1e8f2d898f9e669daf
+MD5 (2ac09305.crl_url) = c360668b7263f685e9ebd0c75c323b79
+MD5 (2ac09305.signing_policy) = abf379fb78f764f0c9b6058d745ce629
+MD5 (2f3fadf6.0) = 0e0da9c5fa8df71827d7ea2fbae7ae35
+MD5 (2f3fadf6.crl_url) = 0414dac4d49661e3f7940b27793b0da9
+MD5 (2f3fadf6.signing_policy) = ef7dc0a1f15d0511664e6347f232ee7e
+MD5 (367b75c3.0) = c8cedaafe93f8989d1b2af140317b280
+MD5 (367b75c3.crl_url) = 3396a6e2ea4e55558432f8007c9aa328
+MD5 (367b75c3.signing_policy) = 34e8e653664c92325a66dbd5adcf5aec
+MD5 (3deda549.0) = 23d0c49d887adb1a417d7f0aebd8e635
+MD5 (3deda549.crl_url) = 9ac428895d613f06051c161fe0719bd3
+MD5 (3deda549.signing_policy) = a581b7a8f407e96d6859c7db24b5da1c
+MD5 (4b2783ac.0) = 1f4c0ec558e7e45bedbeb280ccad11c4
+MD5 (4b2783ac.crl_url) = 6a188c52ed8fa0b63fc05894c4f30482
+MD5 (4b2783ac.info) = 0de01e56504f9f99db33a225a913786a
+MD5 (4b2783ac.namespaces) = 6f4cceee169fae1b57ab9c14efab1bde
+MD5 (4b2783ac.psc-myproxy.cadesc) = b34e5e0bb060a2845caa478bbdf8bb25
+MD5 (4b2783ac.signing_policy) = 9280581f4a4707efe246714410058fc7
+MD5 (67e8acfa.0) = 1ab683dae9d042f1b994afcb622dda78
+MD5 (67e8acfa.crl_url) = 66277375361a84e31b9880357ff9f1f0
+MD5 (67e8acfa.signing_policy) = fe9300ed6017595137a1c5aa4c6deb76
+MD5 (684261aa.0) = fb5863d767fbdd506190dfe44f8fcee3
+MD5 (684261aa.crl_url) = 4c6e71dedc2cc040e72c91902a5dd3cc
+MD5 (684261aa.signing_policy) = 941d3043540920930a9a8c110c329a31
+MD5 (684261aa.tacc.cadesc) = 3dca055e41f916b2b3971531eff06942
+MD5 (684261aa.tacc.cadesc.sig) = 71306b02067a1a1f1dc46f950a4ecf43
+MD5 (95009ddc.0) = 1f88df6c8e4974576e675578603f8d29
+MD5 (95009ddc.crl_url) = b0f2d69577ddc9da4badcfd75f2f7a7e
+MD5 (95009ddc.signing_policy) = d2b2a3a710276d4dc7e7ff4436079d88
+MD5 (98ef0ee5.0) = a5ddc328fbed793848a45fc83ed645bf
+MD5 (98ef0ee5.crl_url) = 25c41bf4c118225cea36b4807f5a30a0
+MD5 (98ef0ee5.signing_policy) = eabe775d6f2ae955fe21fd7d0ec8ea69
+MD5 (9a1da9f9.0) = fa9b554add1f878bef5c699661cee1a9
+MD5 (9a1da9f9.crl_url) = 8d12782b0e63fd50f1b8b03569194eea
+MD5 (9a1da9f9.signing_policy) = 57e9ee2a91d5ea8d06d0426f02fd5d28
+MD5 (9b88e95b.0) = b49a9bfefd1e302fe6f15186f73c9bcd
+MD5 (9b88e95b.crl_url) = 2414c04f8bfaec7a96f864b6284d93e1
+MD5 (9b88e95b.psc-root.cadesc) = b43192cdce2ccbefbc6f02f3f6ee54a7
+MD5 (9b88e95b.signing_policy) = 1601c1e4396ab8de4c558c2387629eef
+MD5 (9b95bbf2.0) = 54946dfe70cc379ff5eee0a433450e37
+MD5 (9b95bbf2.crl_url) = 957e4f28f63dd1ccd93fba76ca59a95a
+MD5 (9b95bbf2.signing_policy) = 65d65773fd6699ec6a1172ff0d10bf48
+MD5 (9dd23746.0) = 6fd3a51227e2b0fe80739c6c6aca5eb0
+MD5 (9dd23746.crl_url) = e76c6f458047cad083d90df00da5419d
+MD5 (9dd23746.signing_policy) = 3e94400933e5b8eb55a920107212ccf6
+MD5 (DOEGrids_provenance) = 13f9b3249f02c95f5a510d2a1c7e1717
+MD5 (INFN_provenance) = 0e1d1b120ac1983794378197f369d953
+MD5 (NCSA_CACL_provenance) = b67c7c170cb6bf727f737fc1a2d37d1c
+MD5 (NCSA_GridShib_provenance) = 939ab69f8a33dfe3858bcea3df2c476d
+MD5 (NCSA_MyProxy_provenance) = 4a0b76cd9e26c4d147168c73bab08f7b
+MD5 (PSC_provenance) = 5e55d256db97b122409c0c14a6a7fcfc
+MD5 (README) = 09a74eeda8ed82dc89ae69398937daba
+MD5 (TACC_MICS_provenance) = 3d5e1786dbd058d379130200f89f718b
+MD5 (TACC_provenance) = fcef4397560a21d43df1f1c177c4cb24
+MD5 (UKeScience_provenance) = 329fe217b2e124014a4a58e708f1b44c
+MD5 (acc06fda.0) = 35eb67ca83ea61561759d50bbf724417
+MD5 (acc06fda.crl_url) = 052108cc53dff4f26ba6e3f24b9b50f0
+MD5 (acc06fda.psc-host.cadesc) = b5a8497273a0986ab525868d9bd92304
+MD5 (acc06fda.signing_policy) = ae1fbbb080d06943fec69a2f1b6ad861
+MD5 (b89793e4.0) = 15a8e12656710375be7d236ef0f7ae7a
+MD5 (b89793e4.crl_url) = be78e2beabab69a744501b4ad9b14000
+MD5 (b89793e4.signing_policy) = 5097b54753167fbb1e70884666220717
+MD5 (d1b603c3.0) = dfc3d126d0287fa1b0966dd771c2c71c
+MD5 (d1b603c3.crl_url) = e273ca8a7262f45e0be63d86f75477fe
+MD5 (d1b603c3.signing_policy) = f4806c5a15bc3a281dce015603809548
+MD5 (e5cc84c2.0) = 5ed0369d2cd8e799e2a6fd982d3729b5
+MD5 (e5cc84c2.crl_url) = e635f6691983f7516c4dbfc53aaef458
+MD5 (e5cc84c2.signing_policy) = 1b070adf710f6b1ae242f3718221cbc6
+MD5 (e5cc84c2.tacc.cadesc) = 493c81fe137cab8016833ec86d8bf332
+MD5 (e5cc84c2.tacc.cadesc.sig) = 78de54a252c9a2b1b4faa86428dd9f69
+MD5 (e8ac4b61.0) = cca6efa3fb9e3cb07dd9d74b7c303f2b
+MD5 (e8ac4b61.crl_url) = 308ce01572934efa595707bdb4f38761
+MD5 (e8ac4b61.signing_policy) = 378df95ca3ebd9271064dcbf5368368d
+MD5 (f2e89fe3.0) = 72a5df89ec5931261be1104cacca5c8b
+MD5 (f2e89fe3.crl_url) = f5c7555d3d77b1666b8b4d808e15449c
+MD5 (f2e89fe3.signing_policy) = 9af1c7030196313b87ad6af0808cb77a
+MD5(b93d6240.0)= 68487cdb18d24140af0fa40f4fb17ed4
+MD5(b93d6240.crl_url)= 315dc8870cfd254b542cea553ff7a7a7
+MD5(b93d6240.info)= 45ff6d4b0fe063142a95ff4dcadb78c2
+MD5(b93d6240.signing_policy)= b5c09e3aab41302c012aabfecd7bb5f1

Added: airavata/sandbox/gsissh/certificates/DOEGrids_provenance
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/DOEGrids_provenance?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/DOEGrids_provenance (added)
+++ airavata/sandbox/gsissh/certificates/DOEGrids_provenance Thu Aug 15 19:29:07 2013
@@ -0,0 +1,100 @@
+[ removed DOE Grids CA certs 12d0dac8.* 1c3f2ca8.* 2013-01-28 dsimmel ]
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+[ Replacement DOE Grids CRL URL, May 2009 (mccreary) ]
+
+Retrieved from
+<https://pki1.doegrids.org/Other/>
+	DOEGrids.tar
+	DOEGrids.tar.asc
+
+on 01May09. Web server presented certificate w/ subject:
+
+	CN = pki1.doegrids.org
+	OU = hosts
+Serial Num = 42:25
+
+from authority:
+
+	CN = DOEGrids CA 1
+	O  = DOEGrids CA 1
+	OU = Certificate Authorities
+
+Valid from 07May07 until 07May2012
+
+Fingerprints:
+	SHA1	4B:A2:9C:B8:86:8A:87:DD:4A:25:D8:6B:D4:6B:15:11:AB:1D:45:8C
+	MD5	95:53:C1:1C:45:A9:61:36:96:5B:74:60:F1:01:6A:08
+
+Verified untrusted GPG signature:
+dubfwe:~/repo/security/new mccreary$ gpg --verify DOEGrids.tar{.asc,}
+gpg: Signature made Fri Mar 27 13:05:00 2009 MDT using RSA key ID 9995D24A
+gpg: Good signature from "Dhiva <dhiva@es.net>"
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg:          There is no indication that the signature belongs to the owner.
+Primary key fingerprint: 209B 63C2 1FC5 35BE 94F7  2C71 5BE6 31C1 9995 D24A
+
+Updated 1c3f2ca8.crl_url:
+dubfwe:~/repo/security/certificates mccreary$ diff 1c3f2ca8.crl_url ../new/doegrids/1c3f2ca8.crl_url 
+1c1
+< http://pki1.doegrids.org/CRL/1c3f2ca8.r0
+- ---
+> http://crl.doegrids.org/1c3f2ca8/1c3f2ca8.r0
+
+Verified that other files have no significant differences from current tarball:
+	1c3f2ca8.0
+
+dubfwe:~/repo/security/certificates mccreary$ openssl x509 -subject -fingerprint -sha1 -noout -in 1c3f2ca8.0 
+subject= /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
+SHA1 Fingerprint=2D:7C:01:FE:A8:40:6A:D0:2E:80:F5:08:E4:D2:EB:A3:A8:84:F8:90
+MD5 Fingerprint=F3:76:00:EC:D0:8E:DB:20:BC:2B:E0:06:60:24:C4:9F
+
+	1c3f2ca8.signing_policy
+
+dubfwe:~/repo/security/certificates mccreary$ diff 1c3f2ca8.signing_policy ../new/doegrids/1c3f2ca8.signing_policy 
+1c1
+< # $Id: 1c3f2ca8.signing_policy,v 1.3 2006/08/23 23:07:04 dhiva Exp $ 
+- ---
+> # $Id: 1c3f2ca8.signing_policy,v 1.1 2009/03/27 18:31:33 dhiva Exp $ 
+40a41,43
+> # Revision 1.1  2009/03/27 18:31:33  dhiva
+> # *** empty log message ***
+> #
+59c62
+< # $Id: 1c3f2ca8.signing_policy,v 1.3 2006/08/23 23:07:04 dhiva Exp $ Included
+- ---
+> # $Id: 1c3f2ca8.signing_policy,v 1.1 2009/03/27 18:31:33 dhiva Exp $ Included
+
+	d1b603c3.0
+
+dubfwe:~/repo/security/certificates mccreary$ openssl x509 -subject -fingerprint -sha1 -noout -in d1b603c3.0 
+subject= /DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
+SHA1 Fingerprint=F2:63:97:A8:B2:D5:1F:94:CC:0F:06:5A:FE:76:5D:F3:CF:28:81:A0
+MD5 Fingerprint=32:AC:21:5D:DE:43:73:E9:3A:EE:90:BC:17:C4:8F:36
+
+	d1b603c3.crl_url
+	d1b603c3.signing_policy
+
+dubfwe:~/repo/security/certificates mccreary$ diff d1b603c3.signing_policy ../new/doegrids/d1b603c3.signing_policy 
+1c1
+< # $Id: d1b603c3.signing_policy,v 1.5 2006/04/20 20:23:16 helm Exp $
+- ---
+> # $Id: d1b603c3.signing_policy,v 1.1 2009/03/27 18:31:33 dhiva Exp $
+34a35,37
+> # Revision 1.1  2009/03/27 18:31:33  dhiva
+> # *** empty log message ***
+> #
+52c55
+< # $Id: d1b603c3.signing_policy,v 1.5 2006/04/20 20:23:16 helm Exp $ included for all these files
+- ---
+> # $Id: d1b603c3.signing_policy,v 1.1 2009/03/27 18:31:33 dhiva Exp $ included for all these files
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (Darwin)
+
+iD8DBQFJ+2V9YjEf42hR7yYRApzdAJ9a4xq8oLzGZG+9U3Q0OCrdLm8NiwCfRFvu
+BWX1ikzv2jgdMZc+i8MFJgg=
+=eVq6
+-----END PGP SIGNATURE-----

Added: airavata/sandbox/gsissh/certificates/INFN_provenance
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/INFN_provenance?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/INFN_provenance (added)
+++ airavata/sandbox/gsissh/certificates/INFN_provenance Thu Aug 15 19:29:07 2013
@@ -0,0 +1,60 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+[ Replacement INFN signing policy, May 2008 (mccreary) ]
+
+Retrieved from
+<https://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/>
+	ca_INFN-CA-2006-1.28.tar.gz
+
+on 01May09. Web server presented certificate w/ subject:
+
+	CN = dist.eugridpma.info
+	O  = NIKHEF
+	OU = PDP
+Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5
+
+from authority:
+
+	CN = Cybertrust Educational CA
+	O  = Cybertrust
+	OU = Educational CA
+
+Valid from 21Feb07 until 21Feb2010
+
+Fingerprints:
+	SHA1	7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24
+	MD5	5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D
+
+Updated 2f3fadf6.signing_policy:
+dubfwe:~/repo/security/certificates mccreary$ diff 2f3fadf6.signing_policy ../new/ca_INFN-CA-2006-1.28/2f3fadf6.signing_policy 
+1,3c1,4
+<  access_id_CA      X509         '/C=IT/O=INFN/CN=INFN CA'
+<  pos_rights        globus       CA:sign
+<  cond_subjects     globus       '"/C=IT/O=INFN/OU=Personal Certificate/L=*/CN=*"' '"/C=IT/O=INFN/OU=Host/L=*/CN=*"' '"/C=IT/O=INFN/OU=Service/L=*/CN=*"'
+- ---
+> # @(#)$Id: 2f3fadf6.signing_policy,v 1.1 2006/10/10 10:13:18 pmacvsdg Exp $
+> access_id_CA            X509    '/C=IT/O=INFN/CN=INFN CA'
+> pos_rights            globus  CA:sign
+> cond_subjects         globus  '"/C=it/O=INFN/*" "/C=IT/O=INFN/*"'
+
+Verified other files have no significant differences
+	2f3fadf6.0
+openssl x509 -subject -fingerprint -sha1 -noout -in 2f3fadf6.0 
+subject= /C=IT/O=INFN/CN=INFN CA
+SHA1 Fingerprint=7D:17:44:C4:C9:1F:01:A8:B3:1C:81:E1:FF:8D:D8:91:B4:E1:5C:71
+MD5 Fingerprint=0A:D8:F4:7E:9E:39:6B:85:AE:68:FD:E5:8E:EA:6D:1B
+
+	2f3fadf6.crl_url
+dubfwe:~/repo/security/certificates mccreary$ diff 2f3fadf6.crl_url ../new/ca_INFN-CA-2006-1.28/2f3fadf6.crl_url 
+1c1
+< http://security.fi.infn.it/CA/INFNCA_crl.pem
+- ---
+> http://security.fi.infn.it/CA/INFNCA_crl.der
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (Darwin)
+
+iD8DBQFJ+2l4YjEf42hR7yYRAkFuAKCX3S+Sng6Axxd/t5FQVG17B902qACgkaj3
+Gt5Pv1Gq9NGw/0RbJfT1OnU=
+=Fgz2
+-----END PGP SIGNATURE-----

Added: airavata/sandbox/gsissh/certificates/NCSA_CACL_provenance
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/NCSA_CACL_provenance?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/NCSA_CACL_provenance (added)
+++ airavata/sandbox/gsissh/certificates/NCSA_CACL_provenance Thu Aug 15 19:29:07 2013
@@ -0,0 +1,55 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+[ Verify NCSA CACL CA, May 2009 (mccreary) ]
+
+CACL CA cert obtained from on 13May09 from
+<https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.29.tar.gz>
+Web server presented certificate w/ subject:
+
+	CN = dist.eugridpma.info
+	O  = NIKHEF
+	OU = PDP
+Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5
+
+from authority:
+
+	CN = Cybertrust Educational CA
+	O  = Cybertrust
+	OU = Educational CA
+
+Valid from 21Feb07 until 21Feb2010
+
+Fingerprints:
+	SHA1	7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24
+	MD5	5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D
+
+Good PGP signature for this tar file was also obtained from
+<https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.29.tar.gz.asc>
+Signature made with this key:
+
+pub   1024D/3CDBBC71 2005-07-12
+      Key fingerprint = D12E 9228 22BE 64D5 0146  188B C32D 99C8 3CDB BC71
+uid                  EUGridPMA Distribution Signing Key 3 <info@eugridpma.org>
+
+Unfortunately this key has no signatures, and is not part of the TG security
+working group web of trust.
+
+Extracted the following files from the tar file:
+igtf-policy-installation-bundle-1.29/src/accredited/9b95bbf2.0
+igtf-policy-installation-bundle-1.29/src/accredited/9b95bbf2.crl_url
+igtf-policy-installation-bundle-1.29/src/accredited/9b95bbf2.signing_policy
+
+Verified that these files match the current files in the TG CA tarball.
+
+openssl x509 -subject -fingerprint -sha1 -noout -in 9b95bbf2.0 
+subject= /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=CACL
+SHA1 Fingerprint=D3:F1:43:DD:1F:D7:41:4A:19:79:E1:12:B2:11:06:87:B7:79:66:1A
+MD5 Fingerprint=98:E7:B5:3F:10:FD:24:E3:EF:B6:4A:54:A6:CE:87:1A
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (Darwin)
+
+iD8DBQFKCyoPYjEf42hR7yYRArY6AKDe9/HLwAriVUnBcpWPv6+1O1LkRQCfWTeR
+KXEC9UTETGCMC/dNnGd45IM=
+=lnTK
+-----END PGP SIGNATURE-----

Added: airavata/sandbox/gsissh/certificates/NCSA_GridShib_provenance
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/NCSA_GridShib_provenance?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/NCSA_GridShib_provenance (added)
+++ airavata/sandbox/gsissh/certificates/NCSA_GridShib_provenance Thu Aug 15 19:29:07 2013
@@ -0,0 +1,199 @@
+[ retired 3/10/2013 ]
+
+Return-Path: <jbasney@illinois.edu>
+Received: from mailer2.psc.edu (mailer2.psc.edu [128.182.70.106])
+	by pscuxb.psc.edu (8.13.8/8.13.1) with ESMTP id r28EsJQW025484
+	for <dsimmel@pscuxb.psc.edu>; Fri, 8 Mar 2013 09:54:20 -0500
+Received: from pps02.cites.illinois.edu (pps02.cites.illinois.edu [192.17.82.100])
+	by mailer2.psc.edu (8.13.8/8.13.8) with ESMTP id r28EsFUw020693
+	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
+	for <dsimmel@psc.edu>; Fri, 8 Mar 2013 09:54:15 -0500
+Received: from citesht3.cites.illinois.edu (citesht3.cites.illinois.edu [128.174.34.208])
+	by pps02.cites.illinois.edu (8.14.5/8.14.5) with ESMTP id r28EroLW023335
+	(version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT);
+	Fri, 8 Mar 2013 08:54:04 -0600
+Received: from o2.ncsa.illinois.edu (141.142.220.178) by smtp.illinois.edu
+ (128.174.34.208) with Microsoft SMTP Server (TLS) id 14.2.328.9; Fri, 8 Mar
+ 2013 08:53:54 -0600
+Message-ID: <5139FB83.1030402@illinois.edu>
+Date: Fri, 8 Mar 2013 08:53:55 -0600
+From: Jim Basney <jbasney@illinois.edu>
+User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130216 Thunderbird/17.0.3
+MIME-Version: 1.0
+To: David Groep <davidg@nikhef.nl>, Derek Simmel <dsimmel@psc.edu>
+Subject: CILogon/NCSA changes for IGTF distribution
+X-Enigmail-Version: 1.5.1
+OpenPGP: id=0A33BE15;
+	url=http://www.ncsa.illinois.edu/~jbasney/pgp.asc
+Content-Type: multipart/mixed;
+	boundary="------------090305060403060509020700"
+X-Originating-IP: [141.142.220.178]
+X-Spam-Score: 0
+X-Spam-Details: rule=cautious_plus_nq_notspam policy=cautious_plus_nq score=0
+ kscore.is_bulkscore=3.2647351377868e-08 kscore.compositescore=0
+ circleOfTrustscore=0 compositescore=0.234807148660411
+ urlsuspect_oldscore=0.234807148660411 suspectscore=0
+ recipient_domain_to_sender_totalscore=0 phishscore=0 bulkscore=0
+ kscore.is_spamscore=0 recipient_to_sender_totalscore=0
+ recipient_domain_to_sender_domain_totalscore=0 rbsscore=0.234807148660411
+ spamscore=0 recipient_to_sender_domain_totalscore=0 urlsuspectscore=0.9
+ adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
+ engine=7.0.1-1211240000 definitions=main-1303080094
+X-Spam-OrigSender: jbasney@illinois.edu
+X-Spam-Bar: 
+X-Spam-Status: No, score=-4.819, required=5, tests=BAYES_00,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,SPF_PASS,T_FILL_THIS_FORM_SHORT
+X-Scanned-By: MIMEDefang 2.70 on 128.182.70.106
+
+--------------090305060403060509020700
+Content-Type: text/plain; charset="UTF-8"
+Content-Transfer-Encoding: 7bit
+
+Hi David and Derek,
+
+The NCSA GridShib CA (CN=GridShib CA) has now stopped issuing
+certificates, and all issued certificate have expired. Please remove
+this CA (files: ncsa-gridshib-ca.*, hashes e8ac4b61 and d87163a8) from
+the IGTF distribution. We'll keep issuing CRLs for this CA for at least
+another few months to avoid problems for relying parties.
+
+The 3 other NCSA CAs (CN=CACL, CN=MyProxy, and CN=Two Factor CA) are
+still actively used, so please don't remove those.
+
+Also, with the upcoming retirement of the DOEGrids CA, CILogon needs to
+stop using crl.doegrids.org as a backup CRL distribution point. Updated
+cilogon-*.crl_url and cilogon-*.info files are attached. Please include
+these updated versions in future IGTF distributions.
+
+Thanks,
+Jim
+
+--------------090305060403060509020700
+Content-Type: text/plain; charset="UTF-8"; x-mac-type=0; x-mac-creator=0;
+	name="cilogon-silver.info"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="cilogon-silver.info"
+
+YWxpYXMgPSBjaWxvZ29uLXNpbHZlcgp1cmwgPSBodHRwOi8vY2EuY2lsb2dvbi5vcmcvCmNh
+X3VybCA9IGh0dHBzOi8vY2lsb2dvbi5vcmcvY2lsb2dvbi1zaWx2ZXIucGVtCmNybF91cmwg
+PSBodHRwOi8vY3JsLmNpbG9nb24ub3JnL2NpbG9nb24tc2lsdmVyLmNybAplbWFpbCA9IGNh
+QGNpbG9nb24ub3JnCnN0YXR1cyA9IGFjY3JlZGl0ZWQ6bWljcwp2ZXJzaW9uID0gQFZFUlNJ
+T05ACnNoYTFmcC4wID0gQFNIQTFGUC4wQAo=
+--------------090305060403060509020700
+Content-Type: text/plain; charset="UTF-8"; x-mac-type=0; x-mac-creator=0;
+	name="cilogon-openid.info"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="cilogon-openid.info"
+
+YWxpYXMgPSBjaWxvZ29uLW9wZW5pZAp1cmwgPSBodHRwOi8vY2EuY2lsb2dvbi5vcmcvCmNh
+X3VybCA9IGh0dHBzOi8vY2lsb2dvbi5vcmcvY2lsb2dvbi1vcGVuaWQucGVtCmNybF91cmwg
+PSBodHRwOi8vY3JsLmNpbG9nb24ub3JnL2NpbG9nb24tb3BlbmlkLmNybAplbWFpbCA9IGNh
+QGNpbG9nb24ub3JnCnN0YXR1cyA9IGV4cGVyaW1lbnRhbAp2ZXJzaW9uID0gQFZFUlNJT05A
+CnNoYTFmcC4wID0gQFNIQTFGUC4wQAo=
+--------------090305060403060509020700
+Content-Type: text/plain; charset="UTF-8"; x-mac-type=0; x-mac-creator=0;
+	name="cilogon-basic.info"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="cilogon-basic.info"
+
+YWxpYXMgPSBjaWxvZ29uLWJhc2ljCnVybCA9IGh0dHA6Ly9jYS5jaWxvZ29uLm9yZy8KY2Ff
+dXJsID0gaHR0cHM6Ly9jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLnBlbQpjcmxfdXJsID0g
+aHR0cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybAplbWFpbCA9IGNhQGNp
+bG9nb24ub3JnCnN0YXR1cyA9IGV4cGVyaW1lbnRhbAp2ZXJzaW9uID0gQFZFUlNJT05ACnNo
+YTFmcC4wID0gQFNIQTFGUC4wQAo=
+--------------090305060403060509020700
+Content-Type: text/plain; charset="UTF-8"; x-mac-type=0; x-mac-creator=0;
+	name="cilogon-silver.crl_url"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="cilogon-silver.crl_url"
+
+aHR0cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLXNpbHZlci5jcmwK
+--------------090305060403060509020700
+Content-Type: text/plain; charset="UTF-8"; x-mac-type=0; x-mac-creator=0;
+	name="cilogon-openid.crl_url"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="cilogon-openid.crl_url"
+
+aHR0cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLW9wZW5pZC5jcmwK
+--------------090305060403060509020700
+Content-Type: text/plain; charset="UTF-8"; x-mac-type=0; x-mac-creator=0;
+	name="cilogon-basic.crl_url"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="cilogon-basic.crl_url"
+
+aHR0cDovL2NybC5jaWxvZ29uLm9yZy9jaWxvZ29uLWJhc2ljLmNybAo=
+--------------090305060403060509020700--
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+[ New GridShib CA, May 2009 (mccreary) ]
+
+Received via email with S/MIME signature on 13May09.  Signed using
+certificate w/ subject:
+
+	CN = Jim Basney
+	O  = National Center for Supercomputing Applications
+	OU = People
+Serial Num = 01:04
+
+from authority:
+
+	CN = CACL
+	O  = National Center for Supercomputing Applications
+	OU = Certificate Authorities
+
+Valid from 23May08 until 24May2009
+
+Fingerprints:
+	SHA1	FC:BF:6C:6E:9E:71:AC:B5:01:4C:FE:FF:57:D8:17:86:E4:07:32:31
+	MD5 	E3:B8:68:A8:5C:62:00:78:A0:DB:30:48:03:B0:5A:C9
+
+Self-signed CACL CA cert in tarball verified on 13May09, see NCSA_CACL_provenance
+for details.
+
+Tar file containing the CA cert and signing policy was also obtained from
+<http://www.ncsa.uiuc.edu/~jbasney/ncsa-gridshib-ca-igtf.tar.gz>
+Good PGP signature for this tar file was obtained from
+<http://www.ncsa.uiuc.edu/~jbasney/ncsa-gridshib-ca-igtf.tar.gz.sig>
+Signature made with this key:
+
+pub   1024D/424ACD8C 2009-01-01 [expires: 2010-01-26]
+      Key fingerprint = 7396 9433 032F 4DC9 94A4  514A 1155 CA38 424A CD8C
+uid                  Jim Basney <jbasney@ncsa.uiuc.edu>
+sub   2048g/A97983D9 2009-01-01 [expires: 2010-01-26]
+
+Unfortunately this key is not part of the TG security working group web of trust.
+
+Extracted the following files from the tar file and checked against the
+attachments from the email message:
+
+ncsa-gridshib-ca-igtf/e8ac4b61.0
+ncsa-gridshib-ca-igtf/e8ac4b61.signing_policy
+
+Cosmetic differences between email and tar files:
+diff ./e8ac4b61.0 ../ncsa-gridshib-ca-igtf/e8ac4b61.0
+24,25d23
+< 
+< 
+diff ./e8ac4b61.signing_policy ../ncsa-gridshib-ca-igtf/e8ac4b61.signing_policy
+4,5d3
+< 
+< 
+
+Obtained CRL URL from subsequent S/MIME email message from Jim Basney, signed
+with the same CACL cert.
+
+http://ca.ncsa.uiuc.edu/e8ac4b61.r0 
+
+New GridShib cert:
+openssl x509 -subject -fingerprint -sha1 -noout -in e8ac4b61.0
+subject= /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=GridShib CA
+SHA1 Fingerprint=48:DE:D1:9E:40:BF:3A:20:2B:A2:F6:F2:85:6A:62:37:5D:E9:AD:E1
+MD5 Fingerprint=3D:6F:CD:C7:C2:E9:B0:DF:F9:0F:B7:28:0F:57:CD:63
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (Darwin)
+
+iD8DBQFKCzPaYjEf42hR7yYRAgP4AKCWfo4Kgxb2GLOWldO55r9a+e8ZrwCcC/K4
+HyZGK7+1+mZ/FYpUSP7a5NM=
+=jt55
+-----END PGP SIGNATURE-----

Added: airavata/sandbox/gsissh/certificates/NCSA_MyProxy_provenance
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/NCSA_MyProxy_provenance?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/NCSA_MyProxy_provenance (added)
+++ airavata/sandbox/gsissh/certificates/NCSA_MyProxy_provenance Thu Aug 15 19:29:07 2013
@@ -0,0 +1,57 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+[ Verify NCSA MyProxy CA, Oct 2009 (mccreary) ]
+
+MyProxy CA cert obtained from on 07Oct09 from
+<https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.31.tar.gz>
+Web server presented certificate w/ subject:
+
+	CN = dist.eugridpma.info
+	O  = NIKHEF
+	OU = PDP
+Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5
+
+from authority:
+
+	CN = Cybertrust Educational CA
+	O  = Cybertrust
+	OU = Educational CA
+
+Valid from 21Feb07 until 21Feb2010
+
+Fingerprints:
+	SHA1	7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24
+	MD5	5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D
+
+Good PGP signature for this tar file was also obtained from
+<https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.31.tar.gz.asc>
+Signature made with this key:
+
+pub   1024D/3CDBBC71 2005-07-12
+      Key fingerprint = D12E 9228 22BE 64D5 0146  188B C32D 99C8 3CDB BC71
+uid                  EUGridPMA Distribution Signing Key 3 <info@eugridpma.org>
+
+Unfortunately this key has no signatures, and is not part of the TG security
+working group web of trust.
+
+Extracted the following files from the tar file:
+igtf-policy-installation-bundle-1.31/src/accredited/f2e89fe3.0
+igtf-policy-installation-bundle-1.31/src/accredited/f2e89fe3.signing_policy
+
+Verified that these files match the current files in the TG CA tarball.  Also
+added the following file to the tarball:
+
+igtf-policy-installation-bundle-1.31/src/accredited/f2e89fe3.crl_url
+
+openssl x509 -subject -fingerprint -sha1 -noout -in f2e89fe3.0 
+subject= /C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=MyProxy
+SHA1 Fingerprint=59:99:70:9C:C8:23:C4:0D:7F:3F:C0:80:AB:52:EC:D1:62:F1:5F:3B
+MD5 Fingerprint=C5:8B:4C:8C:FA:CB:57:6C:35:E7:96:55:1C:B6:F3:24
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (Darwin)
+
+iD8DBQFKzQG2YjEf42hR7yYRAh+3AKC1ENwXPn0h+DWw/7uYh9Oy7J+8oQCgpkXW
+9w5nZQx9Yui4052Q+xTn2HU=
+=piqo
+-----END PGP SIGNATURE-----

Added: airavata/sandbox/gsissh/certificates/PSC_provenance
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/PSC_provenance?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/PSC_provenance (added)
+++ airavata/sandbox/gsissh/certificates/PSC_provenance Thu Aug 15 19:29:07 2013
@@ -0,0 +1,78 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+[ Verify new PSC CA, April 2010 (mccreary) ]
+
+New CA cert tarball obtained on 23Apr2010 vi email from
+Derek Simmel <dsimmel@psc.edu>.  A good PGP signature for this tar file was
+sent in the same email message, using a PGP key I have signed myself.  The
+signature was made with this key:
+
+pub   1024D/F2882606 2004-01-12
+      Key fingerprint = EC23 8D42 69B3 3EBB 9850  F972 8575 CF80 F288 2606
+uid                  Derek Simmel <dsimmel@psc.edu>
+sub   2048g/DB7D9741 2004-01-12
+
+This key has been signed by my own key:
+
+pub   1024D/6851EF26 2006-05-03 [expire: 2011-05-02]
+      Key fingerprint = F9E7 8D30 2833 70A8 611A  42C2 6231 1FE3 6851 EF26
+uid                  Sean McCreary <mccreary@ucar.edu>
+sub   2048g/BD594BA4 2006-05-03 [expire: 2011-05-02]
+
+Extracted the following files from the tar file:
+9b88e95b.0
+9b88e95b.crl_url
+9b88e95b.psc-root.cadesc
+9b88e95b.signing_policy
+acc06fda.0
+acc06fda.crl_url
+acc06fda.psc-host.cadesc
+acc06fda.signing_policy
+4b2783ac.0
+4b2783ac.crl_url
+4b2783ac.psc-myproxy.cadesc
+4b2783ac.signing_policy
+4b2783ac.info
+4b2783ac.namespaces
+
+Note that the *.crl_url files refer to the DER-format revocation lists.  We
+require PEM-format revocation lists, so I have included the alternate URLs
+for these files (i.e. I replaced http://foo/bar/XXXXXXXX.crl with 
+http://foo/bar/XXXXXXXX.r0 in each file).
+
+9b88e95b already exists in the tarball.  I've verified that the CA cert is
+identical with the following differences in the signing_policy file:
+
+openssl x509 -subject -fingerprint -sha1 -noout -in 9b88e95b.0
+subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA
+SHA1 Fingerprint=76:14:59:94:16:2B:E2:05:C9:16:3F:85:8E:7C:70:EE:B9:DD:84:50
+MD5 Fingerprint=A4:DC:F4:AB:62:B1:6B:8C:90:78:03:94:A6:8E:B9:5A
+
+$ diff 9b88e95b.signing_policy ../certificates-/9b88e95b.signing_policy 
+3c3
+<  cond_subjects     globus       '"/C=US/O=Pittsburgh Supercomputing Center/*"'
+- - ---
+>  cond_subjects     globus       '"/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Web Services CA"'
+
+acc06fda also already exists in the tarball.  I've verified that the CA cert
+and signing_policy files are identical.
+
+openssl x509 -subject -fingerprint -sha1 -noout -in acc06fda.0 
+subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA
+SHA1 Fingerprint=6C:CD:19:F1:36:B8:49:01:C4:E4:3B:0B:56:44:9D:58:4B:89:14:88
+MD5 Fingerprint=C7:76:67:51:73:EE:F3:13:FA:12:DA:CB:95:CC:2E:C1
+
+4b2783ac is a new addition to the tarball:
+
+openssl x509 -subject -fingerprint -sha1 -noout -in 4b2783ac.0 
+subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC MyProxy CA
+SHA1 Fingerprint=F8:13:D4:7B:44:9C:4A:83:CF:E3:A5:59:37:5C:9F:F7:FA:0A:1D:66
+MD5 Fingerprint=21:F7:B4:30:26:C7:49:5E:F3:56:61:D4:73:A3:32:A1
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (Darwin)
+
+iEYEARECAAYFAkvYfeQACgkQYjEf42hR7yaXOgCeM7u14ay4UI7Q5SJfnNCmsp4i
+K+UAn2Hr9KB3ZZ+2HtOVQN/wWGgAkuSL
+=BVSC
+-----END PGP SIGNATURE-----

Added: airavata/sandbox/gsissh/certificates/README
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/README?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/README (added)
+++ airavata/sandbox/gsissh/certificates/README Thu Aug 15 19:29:07 2013
@@ -0,0 +1,424 @@
+CURRENT (as of March 10, 2013) XSEDE APPROVED CAs:
+
+Revision History
+-----------------
+3/10/2013 [Removed retired NCSA GridShib CA; Replaced 10718cba.crl_url: new file removed http://crl.doegrids.org/cilogon-basic.crl]
+
+1/30/2013 [Added DOEGrids CA S/N 0x47 valid 2002-12-5..2018-01-25 12d0da68.* 1c3f2ca8.*]
+
+1/28/2013 [Removed expiring UK EScience CA 53729190.* 367b75c3.*, DOE Grids CA 12d0da68.* 1c3f2ca8.*, and SDSC NPACI CA 9117797f.* b89793e4.*]
+ 
+1/11/2013 [Removed Decommissioned TACC CAs 9a1da9f9 and f30e4b25]
+
+11/1/2012 [Removed expired UK EScience CA certs and files 367b75c3.*, corrected filenames and symlinks for UK EScience CA certs]
+
+8/8/12 [Corrected issues with signing policies of the recently added UK e-science CAs 1b6f5ede and ffc3d59b]
+
+7/23/12 [Added UK eScienceCA 2A and 2B Files from igtf tarball v1.48]
+
+4/11/2011 [Added newly TAGPMA accredited NCSA 2-factor SLCS CA (Added to IGTF distribution 3/26/2012).]
+
+1/4/2012 [Added newly TAGPMA accredited NICS MyProxy CA] 
+
+6/1/2011 [Added KEK GRID CA (TAGPMA Certified)]
+
+5/4/2011 [Added NERSC CA (TAGPMA Certified)]
+
+1/25/2011 [Added OpenSSL 1.x hash symbolic links for *.0, *.signing_policy,
+ *.info, & *.namespaces files on Jan 25 2011]
+
+
+DOE SCIENCE GRID:
+-----------------
+
+Added extended CA certificate (S/N 0x47 valid 2002-12-5..2018-01-25 12d0da68.* 1c3f2ca8.*) 2013-01-30
+
+Removed expired CA certificate 2013-01-28
+
+[Updated signing certificates (validity dates extended) & signing_policies for DOEGrids and ESnet, and crl_url for ESnet, Nov 3, 2006]
+[Updated CRL URL for DOEGrids CA 1, May 1, 2008 (mccreary)]
+
+1c3f2ca8.0
+/DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
+1c3f2ca8.crl_url
+http://crl.doegrids.org/1c3f2ca8/1c3f2ca8.r0
+1c3f2ca8.signing_policy
+
+d1b603c3.0
+/DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
+d1b603c3.crl_url
+http://www.es.net/CA/d1b603c3/d1b603c3.r0
+d1b603c3.signing_policy
+
+IRISGrid (Spain):
+-----------------
+
+9dd23746.0
+DC=es, DC=irisgrid, CN=IRISGridCA
+9dd23746.crl_url
+http://www.irisgrid.es/pki/crl/cacrl.pem
+9dd23746.signing_policy
+
+NCSA:
+-----
+
+[ Verified 13May09 by mccreary, see NCSA_CACL_provenance for details ]
+9b95bbf2.0
+[ Updated 31Jan11 by jbasney with new Not After date: Apr 2027 ]
+C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=CACL
+http://ca.ncsa.uiuc.edu/9b95bbf2.r0
+9b95bbf2.signing_policy
+
+[ Updated 31Jan11 by jbasney with new Not After date: Apr 2027 ]
+[ Verified 07Oct09 by mccreary, see NCSA_MyProxy_provenance for details ]
+f2e89fe3.0
+C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=MyProxy
+http://ca.ncsa.uiuc.edu/f2e89fe3.r0
+f2e89fe3.signing_policy
+
+[ Added 13May09 by mccreary, see NCSA_GridShib_provenance for details ]
+e8ac4b61.0
+/C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=GridShib CA
+e8ac4b61.crl_url
+http://ca.ncsa.uiuc.edu/e8ac4b61.r0
+e8ac4b61.signing_policy
+
+PITTSBURGH SUPERCOMPUTING CENTER:
+---------------------------------
+
+[ Verified 23Apr10 by mccreary, see PSC_provenance for details ]
+9b88e95b.0
+subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA
+9b88e95b.crl_url
+http://www.psc.edu/ca/crl/9b88e95b.crl
+9b88e95b.psc-root.cadesc
+9b88e95b.signing_policy
+
+[ Verified 23Apr10 by mccreary, see PSC_provenance for details ]
+acc06fda.0
+subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA
+acc06fda.crl_url
+http://www.psc.edu/ca/crl/acc06fda.crl
+acc06fda.psc-host.cadesc
+acc06fda.signing_policy
+
+[ Added 23Apr10 by mccreary, see PSC_provenance for details ]
+4b2783ac.0
+subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC MyProxy CA
+4b2783ac.crl_url
+http://www.psc.edu/ca/crl/4b2783ac.crl
+4b2783ac.psc-myproxy.cadesc
+4b2783ac.signing_policy
+4b2783ac.info
+4b2783ac.namespaces
+
+Purdue University:
+------------------
+
+67e8acfa.0
+/CN=Purdue TeraGrid RA/OU=Purdue TeraGrid/O=Purdue University/ST=Indiana/C=US
+67e8acfa.crl_url
+http://tg-ca.purdue.teragrid.org:8080/67e8acfa.r0
+67e8acfa.signing_policy
+
+95009ddc.0
+/CN=PurdueCA/O=Purdue University/ST=Indiana/C=US
+95009ddc.crl_url
+http://tg-ca.purdue.teragrid.org:8080/95009ddc.r0
+95009ddc.signing_policy
+
+
+SDSC:
+-----
+
+3deda549.0
+/C=US/O=SDSC/OU=SDSC-CA/CN=Certificate Authority/UID=certman
+3deda549.crl_url
+http://www.sdsc.edu/CA/3deda549.r0
+3deda549.signing_policy
+
+b89793e4.0
+/C=US/O=NPACI/OU=SDSC/CN=Certificate Manager/UID=certman
+b89793e4.crl_url
+http://www.npaci.edu/CA/b89793e4.r0
+b89793e4.signing_policy
+
+
+TACC:
+-----
+
+[ New TACC CA currently under review - added now to permit testing ]
+
+9a1da9f9.0
+/C=US/O=UTAustin/OU=TACC/CN=TACC Certification Authority/UID=caman
+9a1da9f9.crl_url
+http://www.tacc.utexas.edu/CA/CRL
+9a1da9f9.signing_policy
+
+[ New TACC root and classic CA added, Dec 2008 (mccreary) ]
+684261aa.0 
+/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Root CA
+684261aa.crl_url 
+http://www.tacc.utexas.edu/CA/684261aa.r0
+684261aa.signing_policy
+684261aa.tacc.cadesc
+684261aa.tacc.cadesc.sig
+
+e5cc84c2.0 
+/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Classic CA
+e5cc84c2.crl_url
+http://www.tacc.utexas.edu/CA/e5cc84c2.r0
+e5cc84c2.signing_policy
+e5cc84c2.tacc.cadesc
+e5cc84c2.tacc.cadesc.sig
+
+See TACC_provenance for signed statement of certificate origin
+
+[ Added 13May09 by mccreary, see TACC_MICS_provenance for details ]
+2ac09305.0
+/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC MICS CA
+2ac09305.crl_url
+http://www.tacc.utexas.edu/CA/2ac09305.r0
+2ac09305.signing_policy
+
+UK E-Science CA:
+----------------
+
+[ Jan 28, 2013: Removed (again?) EScience CA cert and files 53729190.* 367b75c3.*]
+
+[ Nov 1, 2012: Removed expired EScience CA cert and files 367b75c3.* ]
+
+[ Nov 1, 2012: swapped filenames and links for consistency with other CA cert file naming ]
+
+$ ls -l 877af676.*
+lrwxr-xr-x  1 JimMarsteller  staff  10 Nov  1 15:30 877af676.0 -> 1b6f5ede.0
+lrwxr-xr-x  1 JimMarsteller  staff  16 Nov  1 15:31 877af676.crl_url -> 1b6f5ede.crl_url
+lrwxr-xr-x  1 JimMarsteller  staff  23 Nov  1 15:30 877af676.signing_policy -> 1b6f5ede.signing_policy
+$ ls -l 1b6f5ede.*
+-rw-r--r--@ 1 JimMarsteller  staff  1367 Jul 11 09:55 1b6f5ede.0
+-rw-r--r--@ 1 JimMarsteller  staff    43 Jul 11 10:33 1b6f5ede.crl_url
+-rw-r--r--@ 1 JimMarsteller  staff   237 Jul 11 09:55 1b6f5ede.signing_policy
+$ ls -l 530f7122.*
+lrwxr-xr-x  1 JimMarsteller  staff  10 Nov  1 15:26 530f7122.0 -> ffc3d59b.0
+lrwxr-xr-x  1 JimMarsteller  staff  16 Nov  1 15:28 530f7122.crl_url -> ffc3d59b.crl_url
+lrwxr-xr-x  1 JimMarsteller  staff  23 Nov  1 15:27 530f7122.signing_policy -> ffc3d59b.signing_policy
+$ ls -l ffc3*
+-rw-r--r--@ 1 JimMarsteller  staff  1367 Jul 11 10:28 ffc3d59b.0
+-rw-r--r--@ 1 JimMarsteller  staff    43 Jul 11 10:33 ffc3d59b.crl_url
+-rw-r--r--@ 1 JimMarsteller  staff   237 Jul 11 10:29 ffc3d59b.signing_policy
+
+[ addition of UK eScienceCA 2A and 2B, Jul 2012 (fest) ]
+Files from igtf tarball v1.48
+
+877af676.0
+877af676.signing_policy
+530f7122.0
+530f7122.signing_policy
+
+wget https://dist.eugridpma.info/distribution/igtf/current/https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.48.tar.gz
+
+added hashes for v1 as well.
+
+[ removal of old UK eScience certificates and urls, Aug 2008 (shelmire) ]
+
+Files 
+adcbc9ef.0
+                adcbc9ef.signing_policy
+                8175c1cd.0
+                8175c1cd.signing_policy
+
+have been removed. The host that was holding these certificates may have been compromised. The UK E-Science CA is no longer honoring them. 
+
+[ Replacement UK eScience certificates, May 2008 (mccreary) ]
+
+Retrieved from
+<https://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/>
+	ca_UKeScienceRoot-2007-1.21.tar.gz
+	ca_UKeScienceCA-2007-1.21.tar.gz
+	ca_UKeScienceRoot-1.21.tar.gz
+	ca_UKeScienceCA-1.21.tar.gz
+
+on 22May08. Web server presented certificate w/ subject:
+
+	CN = dist.eugridpma.info
+	O  = NIKHEF
+	OU = PDP
+Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5
+
+from authority:
+
+	CN = Cybertrust Educational CA
+	O  = Cybertrust
+	OU = Educational CA
+
+Valid from 21Feb07 until 21Feb2010
+
+Fingerprints:
+	SHA1	7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24
+	MD5	5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D
+
+Updated:	367b75c3.0
+		367b75c3.signing_policy
+		98ef0ee5.0
+		98ef0ee5.signing_policy
+
+*.crl_url files left unchanged, only difference is .pem extension
+
+1c1
+< http://ca.grid-support.ac.uk/pub/crl/ca-crl.der
+---
+> http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem
+
+Also verifiedi:	adcbc9ef.0
+		adcbc9ef.signing_policy
+		8175c1cd.0
+		8175c1cd.signing_policy
+
+Note that *crl_url for these certs also differs in the extension
+
+1c1
+< http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.crl
+---
+> http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem
+
+[ New UK eScience CAs November 2007 (cab) ]
+
+367b75c3.0
+subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
+367b75c3.crl_url= http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem
+367b75c3.signing_policy
+
+98ef0ee5.0
+subject= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root
+98ef0ee5.crl_url= http://ca.grid-support.ac.uk/pub/crl/root-crl.pem
+98ef0ee5.signing_policy
+
+[ New UK eScience CAs August 2006 ]
+[ As of Nov. 27, 2007 No new certificates will be issued by this CA (cab) ]
+[ Updated the CRL URL location to point to an unpublished PEM file (cab) ]
+8175c1cd.0
+subject= /C=UK/O=eScienceRoot/OU=Authority/L=Root/CN=CA
+8175c1cd.crl_url
+http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem
+8175c1cd.signing_policy
+
+adcbc9ef.0
+subject= /C=UK/O=eScienceCA/OU=Authority/CN=CA
+adcbc9ef.crl_url
+http://ca.grid-support.ac.uk/pub/crl/escience-ca-crl.pem
+adcbc9ef.signing_policy
+
+[ UDATED Oct. 16 2007 - updated expired certificate URL (jam) ]
+[ REMOVED Oct. 1 2007 - purged expired certificat (cab) ]
+[ EXPIRING Aug  4 10:36:41 2007 GMT - no new certificates to be issued after Aug 2006 ]
+[ previously approved for limited use until 12/31/2003; re-added for Reality-Grid
+  users under Bruce Boghosian (Tufts) TeraGrid project 08/18/2004 - dsimmel ]
+01621954.0
+/C=UK/O=eScience/OU=Authority/CN=CA/emailAddress=ca-operator@grid-support.ac.uk
+01621954.crl_url
+http://ca.grid-support.ac.uk/cgi-bin/importCRL.pem
+01621954.signing_policy
+
+
+University of Southern California (USC) CA & KCA:
+-------------------------------------------------
+
+[ added March 2005 to facilitate SCEC project users ]
+[ removed January 2011 due to CA certificate expiration (jbasney) ]
+
+2ca73e82.0
+/C=US/ST=California/L=Los Angeles/O=University of Southern California/CN=University of Southern California PKI-Lite CA, release 1/emailAddress=nmiadmin@usc.edu
+2ca73e82.crl_url
+http://www.usc.edu/isd/services/authx/CA/2ca73e82.r0 
+2ca73e82.signing_policy
+
+[ USC Kerberos Certification Authority only issues short term certs for proxy use
+  and has no Certificate Revocation List ]
+
+[ USC KCA v2 service certificate fa9c3452.0 expired March 2, 2006 - the new v3 appears below ]
+[ USC KCA v3 service certificate b57985f0.0 expired again on March 2, 2006, removed from the tarball, WJL]
+b57985f0.0
+/C=US/ST=California/L=Los Angeles/O=University of Southern California/OU=Information Services Division/CN=University of Southern California KCA v3/emailAddress=nmiadmin@usc.edu
+b57985f0.signing_policy
+
+
+INFN (Italy) CA:
+---------------
+
+[ added March 2006 in preparation for user demo at GGF17 Tokyo May 2006 ]
+[ removed as it expired Sept. 18, 2007 ]
+49f18420.0
+/C=IT/O=INFN/CN=INFN Certification Authority
+49f18420.crl_url
+http://security.fi.infn.it/CA/crl.pem
+49f18420.signing_policy
+
+[ added on Oct. 1, 2007 to reflect the issuing of a new CA (cab) ]
+[ Renamed the CRL URL to reflect an upublished PEM encoded file (cab) ]
+[ Updated signing policy, May 1, 2009 (mccreary) ]
+2f3fadf6.0
+/C=IT/O=INFN/CN=INFN CA
+http://security.fi.infn.it/CA/INFNCA_crl.pem
+2f3fadf6.signing_policy
+
+
+Dutch Grid and NIKHEF CA:
+------------------------
+
+[ added March 2006 in preparation for user demo at GGF17 Tokyo May 2006 ]
+
+16da7552.0
+/C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth
+16da7552.crl_url
+http://ca.dutchgrid.nl/medium/cacrl.pem
+16da7552.signing_policy
+
+
+AIST (Japan) CA:
+---------------
+
+[ added March 2006 for GridRPC Materials Science production runs ]
+
+a317c467.0
+/C=JP/O=AIST/OU=GRID/CN=Certificate Authority
+a317c467.crl_url
+https://www.apgrid.org/CA/AIST/Production/a317c467.r0
+a317c467.signing_policy
+
+
+NERSC SLCS CA:
+
+[ Added Apr 27 2011 per TeraGrid Ticket 198964 ]
+
+$ wget https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz
+--2011-04-27 10:37:26--  https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz
+Resolving dist.eugridpma.info... 194.171.96.74
+Connecting to dist.eugridpma.info|194.171.96.74|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 150942 (147K) [application/x-gzip]
+Saving to: `igtf-policy-installation-bundle-1.38.tar.gz'
+100%[======================================>] 150,942      223K/s   in 0.7s    
+2011-04-27 10:37:28 (223 KB/s) - `igtf-policy-installation-bundle-1.38.tar.gz' saved [150942/150942]
+$ wget https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz.asc
+--2011-04-27 10:37:48--  https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz.asc
+Resolving dist.eugridpma.info... 194.171.96.74
+Connecting to dist.eugridpma.info|194.171.96.74|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 189 [text/plain]
+Saving to: `igtf-policy-installation-bundle-1.38.tar.gz.asc'
+100%[======================================>] 189         --.-K/s   in 0s      
+2011-04-27 10:37:49 (1.80 MB/s) - `igtf-policy-installation-bundle-1.38.tar.gz.asc' saved [189/189]
+$ gpg --verify igtf-policy-installation-bundle-1.38.tar.gz.asc
+gpg: Signature made Fri Feb  4 05:14:38 2011 CST using DSA key ID 3CDBBC71
+gpg: Good signature from "EUGridPMA Distribution Signing Key 3 <info@eugridpma.org>"
+$ tar xfz igtf-policy-installation-bundle-1.38.tar.gz
+$ cd igtf-policy-installation-bundle-1.38/src/accredited/
+$ cp NERSC-SLCS.* ~/cvs/repo.teragrid.org/security/certificates
+$ cd ~/cvs/repo.teragrid.org/security/certificates/
+$ mv NERSC-SLCS.pem b93d6240.0
+$ mv NERSC-SLCS.info b93d6240.info
+$ mv NERSC-SLCS.crl_url b93d6240.crl_url
+$ mv NERSC-SLCS.signing_policy b93d6240.signing_policy
+$ rm NERSC-SLCS.namespaces 
+$ ln -s b93d6240.0 20b7db76.0
+$ ln -s b93d6240.signing_policy 20b7db76.signing_policy

Added: airavata/sandbox/gsissh/certificates/README.txt
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/README.txt?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/README.txt (added)
+++ airavata/sandbox/gsissh/certificates/README.txt Thu Aug 15 19:29:07 2013
@@ -0,0 +1,424 @@
+CURRENT (as of March 10, 2013) XSEDE APPROVED CAs:
+
+Revision History
+-----------------
+3/10/2013 [Removed retired NCSA GridShib CA; Replaced 10718cba.crl_url: new file removed http://crl.doegrids.org/cilogon-basic.crl]
+
+1/30/2013 [Added DOEGrids CA S/N 0x47 valid 2002-12-5..2018-01-25 12d0da68.* 1c3f2ca8.*]
+
+1/28/2013 [Removed expiring UK EScience CA 53729190.* 367b75c3.*, DOE Grids CA 12d0da68.* 1c3f2ca8.*, and SDSC NPACI CA 9117797f.* b89793e4.*]
+ 
+1/11/2013 [Removed Decommissioned TACC CAs 9a1da9f9 and f30e4b25]
+
+11/1/2012 [Removed expired UK EScience CA certs and files 367b75c3.*, corrected filenames and symlinks for UK EScience CA certs]
+
+8/8/12 [Corrected issues with signing policies of the recently added UK e-science CAs 1b6f5ede and ffc3d59b]
+
+7/23/12 [Added UK eScienceCA 2A and 2B Files from igtf tarball v1.48]
+
+4/11/2011 [Added newly TAGPMA accredited NCSA 2-factor SLCS CA (Added to IGTF distribution 3/26/2012).]
+
+1/4/2012 [Added newly TAGPMA accredited NICS MyProxy CA] 
+
+6/1/2011 [Added KEK GRID CA (TAGPMA Certified)]
+
+5/4/2011 [Added NERSC CA (TAGPMA Certified)]
+
+1/25/2011 [Added OpenSSL 1.x hash symbolic links for *.0, *.signing_policy,
+ *.info, & *.namespaces files on Jan 25 2011]
+
+
+DOE SCIENCE GRID:
+-----------------
+
+Added extended CA certificate (S/N 0x47 valid 2002-12-5..2018-01-25 12d0da68.* 1c3f2ca8.*) 2013-01-30
+
+Removed expired CA certificate 2013-01-28
+
+[Updated signing certificates (validity dates extended) & signing_policies for DOEGrids and ESnet, and crl_url for ESnet, Nov 3, 2006]
+[Updated CRL URL for DOEGrids CA 1, May 1, 2008 (mccreary)]
+
+1c3f2ca8.0
+/DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
+1c3f2ca8.crl_url
+http://crl.doegrids.org/1c3f2ca8/1c3f2ca8.r0
+1c3f2ca8.signing_policy
+
+d1b603c3.0
+/DC=net/DC=ES/O=ESnet/OU=Certificate Authorities/CN=ESnet Root CA 1
+d1b603c3.crl_url
+http://www.es.net/CA/d1b603c3/d1b603c3.r0
+d1b603c3.signing_policy
+
+IRISGrid (Spain):
+-----------------
+
+9dd23746.0
+DC=es, DC=irisgrid, CN=IRISGridCA
+9dd23746.crl_url
+http://www.irisgrid.es/pki/crl/cacrl.pem
+9dd23746.signing_policy
+
+NCSA:
+-----
+
+[ Verified 13May09 by mccreary, see NCSA_CACL_provenance for details ]
+9b95bbf2.0
+[ Updated 31Jan11 by jbasney with new Not After date: Apr 2027 ]
+C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=CACL
+http://ca.ncsa.uiuc.edu/9b95bbf2.r0
+9b95bbf2.signing_policy
+
+[ Updated 31Jan11 by jbasney with new Not After date: Apr 2027 ]
+[ Verified 07Oct09 by mccreary, see NCSA_MyProxy_provenance for details ]
+f2e89fe3.0
+C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=MyProxy
+http://ca.ncsa.uiuc.edu/f2e89fe3.r0
+f2e89fe3.signing_policy
+
+[ Added 13May09 by mccreary, see NCSA_GridShib_provenance for details ]
+e8ac4b61.0
+/C=US/O=National Center for Supercomputing Applications/OU=Certificate Authorities/CN=GridShib CA
+e8ac4b61.crl_url
+http://ca.ncsa.uiuc.edu/e8ac4b61.r0
+e8ac4b61.signing_policy
+
+PITTSBURGH SUPERCOMPUTING CENTER:
+---------------------------------
+
+[ Verified 23Apr10 by mccreary, see PSC_provenance for details ]
+9b88e95b.0
+subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA
+9b88e95b.crl_url
+http://www.psc.edu/ca/crl/9b88e95b.crl
+9b88e95b.psc-root.cadesc
+9b88e95b.signing_policy
+
+[ Verified 23Apr10 by mccreary, see PSC_provenance for details ]
+acc06fda.0
+subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA
+acc06fda.crl_url
+http://www.psc.edu/ca/crl/acc06fda.crl
+acc06fda.psc-host.cadesc
+acc06fda.signing_policy
+
+[ Added 23Apr10 by mccreary, see PSC_provenance for details ]
+4b2783ac.0
+subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC MyProxy CA
+4b2783ac.crl_url
+http://www.psc.edu/ca/crl/4b2783ac.crl
+4b2783ac.psc-myproxy.cadesc
+4b2783ac.signing_policy
+4b2783ac.info
+4b2783ac.namespaces
+
+Purdue University:
+------------------
+
+67e8acfa.0
+/CN=Purdue TeraGrid RA/OU=Purdue TeraGrid/O=Purdue University/ST=Indiana/C=US
+67e8acfa.crl_url
+http://tg-ca.purdue.teragrid.org:8080/67e8acfa.r0
+67e8acfa.signing_policy
+
+95009ddc.0
+/CN=PurdueCA/O=Purdue University/ST=Indiana/C=US
+95009ddc.crl_url
+http://tg-ca.purdue.teragrid.org:8080/95009ddc.r0
+95009ddc.signing_policy
+
+
+SDSC:
+-----
+
+3deda549.0
+/C=US/O=SDSC/OU=SDSC-CA/CN=Certificate Authority/UID=certman
+3deda549.crl_url
+http://www.sdsc.edu/CA/3deda549.r0
+3deda549.signing_policy
+
+b89793e4.0
+/C=US/O=NPACI/OU=SDSC/CN=Certificate Manager/UID=certman
+b89793e4.crl_url
+http://www.npaci.edu/CA/b89793e4.r0
+b89793e4.signing_policy
+
+
+TACC:
+-----
+
+[ New TACC CA currently under review - added now to permit testing ]
+
+9a1da9f9.0
+/C=US/O=UTAustin/OU=TACC/CN=TACC Certification Authority/UID=caman
+9a1da9f9.crl_url
+http://www.tacc.utexas.edu/CA/CRL
+9a1da9f9.signing_policy
+
+[ New TACC root and classic CA added, Dec 2008 (mccreary) ]
+684261aa.0 
+/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Root CA
+684261aa.crl_url 
+http://www.tacc.utexas.edu/CA/684261aa.r0
+684261aa.signing_policy
+684261aa.tacc.cadesc
+684261aa.tacc.cadesc.sig
+
+e5cc84c2.0 
+/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Classic CA
+e5cc84c2.crl_url
+http://www.tacc.utexas.edu/CA/e5cc84c2.r0
+e5cc84c2.signing_policy
+e5cc84c2.tacc.cadesc
+e5cc84c2.tacc.cadesc.sig
+
+See TACC_provenance for signed statement of certificate origin
+
+[ Added 13May09 by mccreary, see TACC_MICS_provenance for details ]
+2ac09305.0
+/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC MICS CA
+2ac09305.crl_url
+http://www.tacc.utexas.edu/CA/2ac09305.r0
+2ac09305.signing_policy
+
+UK E-Science CA:
+----------------
+
+[ Jan 28, 2013: Removed (again?) EScience CA cert and files 53729190.* 367b75c3.*]
+
+[ Nov 1, 2012: Removed expired EScience CA cert and files 367b75c3.* ]
+
+[ Nov 1, 2012: swapped filenames and links for consistency with other CA cert file naming ]
+
+$ ls -l 877af676.*
+lrwxr-xr-x  1 JimMarsteller  staff  10 Nov  1 15:30 877af676.0 -> 1b6f5ede.0
+lrwxr-xr-x  1 JimMarsteller  staff  16 Nov  1 15:31 877af676.crl_url -> 1b6f5ede.crl_url
+lrwxr-xr-x  1 JimMarsteller  staff  23 Nov  1 15:30 877af676.signing_policy -> 1b6f5ede.signing_policy
+$ ls -l 1b6f5ede.*
+-rw-r--r--@ 1 JimMarsteller  staff  1367 Jul 11 09:55 1b6f5ede.0
+-rw-r--r--@ 1 JimMarsteller  staff    43 Jul 11 10:33 1b6f5ede.crl_url
+-rw-r--r--@ 1 JimMarsteller  staff   237 Jul 11 09:55 1b6f5ede.signing_policy
+$ ls -l 530f7122.*
+lrwxr-xr-x  1 JimMarsteller  staff  10 Nov  1 15:26 530f7122.0 -> ffc3d59b.0
+lrwxr-xr-x  1 JimMarsteller  staff  16 Nov  1 15:28 530f7122.crl_url -> ffc3d59b.crl_url
+lrwxr-xr-x  1 JimMarsteller  staff  23 Nov  1 15:27 530f7122.signing_policy -> ffc3d59b.signing_policy
+$ ls -l ffc3*
+-rw-r--r--@ 1 JimMarsteller  staff  1367 Jul 11 10:28 ffc3d59b.0
+-rw-r--r--@ 1 JimMarsteller  staff    43 Jul 11 10:33 ffc3d59b.crl_url
+-rw-r--r--@ 1 JimMarsteller  staff   237 Jul 11 10:29 ffc3d59b.signing_policy
+
+[ addition of UK eScienceCA 2A and 2B, Jul 2012 (fest) ]
+Files from igtf tarball v1.48
+
+877af676.0
+877af676.signing_policy
+530f7122.0
+530f7122.signing_policy
+
+wget https://dist.eugridpma.info/distribution/igtf/current/https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.48.tar.gz
+
+added hashes for v1 as well.
+
+[ removal of old UK eScience certificates and urls, Aug 2008 (shelmire) ]
+
+Files 
+adcbc9ef.0
+                adcbc9ef.signing_policy
+                8175c1cd.0
+                8175c1cd.signing_policy
+
+have been removed. The host that was holding these certificates may have been compromised. The UK E-Science CA is no longer honoring them. 
+
+[ Replacement UK eScience certificates, May 2008 (mccreary) ]
+
+Retrieved from
+<https://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/>
+	ca_UKeScienceRoot-2007-1.21.tar.gz
+	ca_UKeScienceCA-2007-1.21.tar.gz
+	ca_UKeScienceRoot-1.21.tar.gz
+	ca_UKeScienceCA-1.21.tar.gz
+
+on 22May08. Web server presented certificate w/ subject:
+
+	CN = dist.eugridpma.info
+	O  = NIKHEF
+	OU = PDP
+Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5
+
+from authority:
+
+	CN = Cybertrust Educational CA
+	O  = Cybertrust
+	OU = Educational CA
+
+Valid from 21Feb07 until 21Feb2010
+
+Fingerprints:
+	SHA1	7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24
+	MD5	5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D
+
+Updated:	367b75c3.0
+		367b75c3.signing_policy
+		98ef0ee5.0
+		98ef0ee5.signing_policy
+
+*.crl_url files left unchanged, only difference is .pem extension
+
+1c1
+< http://ca.grid-support.ac.uk/pub/crl/ca-crl.der
+---
+> http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem
+
+Also verifiedi:	adcbc9ef.0
+		adcbc9ef.signing_policy
+		8175c1cd.0
+		8175c1cd.signing_policy
+
+Note that *crl_url for these certs also differs in the extension
+
+1c1
+< http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.crl
+---
+> http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem
+
+[ New UK eScience CAs November 2007 (cab) ]
+
+367b75c3.0
+subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
+367b75c3.crl_url= http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem
+367b75c3.signing_policy
+
+98ef0ee5.0
+subject= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root
+98ef0ee5.crl_url= http://ca.grid-support.ac.uk/pub/crl/root-crl.pem
+98ef0ee5.signing_policy
+
+[ New UK eScience CAs August 2006 ]
+[ As of Nov. 27, 2007 No new certificates will be issued by this CA (cab) ]
+[ Updated the CRL URL location to point to an unpublished PEM file (cab) ]
+8175c1cd.0
+subject= /C=UK/O=eScienceRoot/OU=Authority/L=Root/CN=CA
+8175c1cd.crl_url
+http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem
+8175c1cd.signing_policy
+
+adcbc9ef.0
+subject= /C=UK/O=eScienceCA/OU=Authority/CN=CA
+adcbc9ef.crl_url
+http://ca.grid-support.ac.uk/pub/crl/escience-ca-crl.pem
+adcbc9ef.signing_policy
+
+[ UDATED Oct. 16 2007 - updated expired certificate URL (jam) ]
+[ REMOVED Oct. 1 2007 - purged expired certificat (cab) ]
+[ EXPIRING Aug  4 10:36:41 2007 GMT - no new certificates to be issued after Aug 2006 ]
+[ previously approved for limited use until 12/31/2003; re-added for Reality-Grid
+  users under Bruce Boghosian (Tufts) TeraGrid project 08/18/2004 - dsimmel ]
+01621954.0
+/C=UK/O=eScience/OU=Authority/CN=CA/emailAddress=ca-operator@grid-support.ac.uk
+01621954.crl_url
+http://ca.grid-support.ac.uk/cgi-bin/importCRL.pem
+01621954.signing_policy
+
+
+University of Southern California (USC) CA & KCA:
+-------------------------------------------------
+
+[ added March 2005 to facilitate SCEC project users ]
+[ removed January 2011 due to CA certificate expiration (jbasney) ]
+
+2ca73e82.0
+/C=US/ST=California/L=Los Angeles/O=University of Southern California/CN=University of Southern California PKI-Lite CA, release 1/emailAddress=nmiadmin@usc.edu
+2ca73e82.crl_url
+http://www.usc.edu/isd/services/authx/CA/2ca73e82.r0 
+2ca73e82.signing_policy
+
+[ USC Kerberos Certification Authority only issues short term certs for proxy use
+  and has no Certificate Revocation List ]
+
+[ USC KCA v2 service certificate fa9c3452.0 expired March 2, 2006 - the new v3 appears below ]
+[ USC KCA v3 service certificate b57985f0.0 expired again on March 2, 2006, removed from the tarball, WJL]
+b57985f0.0
+/C=US/ST=California/L=Los Angeles/O=University of Southern California/OU=Information Services Division/CN=University of Southern California KCA v3/emailAddress=nmiadmin@usc.edu
+b57985f0.signing_policy
+
+
+INFN (Italy) CA:
+---------------
+
+[ added March 2006 in preparation for user demo at GGF17 Tokyo May 2006 ]
+[ removed as it expired Sept. 18, 2007 ]
+49f18420.0
+/C=IT/O=INFN/CN=INFN Certification Authority
+49f18420.crl_url
+http://security.fi.infn.it/CA/crl.pem
+49f18420.signing_policy
+
+[ added on Oct. 1, 2007 to reflect the issuing of a new CA (cab) ]
+[ Renamed the CRL URL to reflect an upublished PEM encoded file (cab) ]
+[ Updated signing policy, May 1, 2009 (mccreary) ]
+2f3fadf6.0
+/C=IT/O=INFN/CN=INFN CA
+http://security.fi.infn.it/CA/INFNCA_crl.pem
+2f3fadf6.signing_policy
+
+
+Dutch Grid and NIKHEF CA:
+------------------------
+
+[ added March 2006 in preparation for user demo at GGF17 Tokyo May 2006 ]
+
+16da7552.0
+/C=NL/O=NIKHEF/CN=NIKHEF medium-security certification auth
+16da7552.crl_url
+http://ca.dutchgrid.nl/medium/cacrl.pem
+16da7552.signing_policy
+
+
+AIST (Japan) CA:
+---------------
+
+[ added March 2006 for GridRPC Materials Science production runs ]
+
+a317c467.0
+/C=JP/O=AIST/OU=GRID/CN=Certificate Authority
+a317c467.crl_url
+https://www.apgrid.org/CA/AIST/Production/a317c467.r0
+a317c467.signing_policy
+
+
+NERSC SLCS CA:
+
+[ Added Apr 27 2011 per TeraGrid Ticket 198964 ]
+
+$ wget https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz
+--2011-04-27 10:37:26--  https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz
+Resolving dist.eugridpma.info... 194.171.96.74
+Connecting to dist.eugridpma.info|194.171.96.74|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 150942 (147K) [application/x-gzip]
+Saving to: `igtf-policy-installation-bundle-1.38.tar.gz'
+100%[======================================>] 150,942      223K/s   in 0.7s    
+2011-04-27 10:37:28 (223 KB/s) - `igtf-policy-installation-bundle-1.38.tar.gz' saved [150942/150942]
+$ wget https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz.asc
+--2011-04-27 10:37:48--  https://dist.eugridpma.info/distribution/igtf/current/igtf-policy-installation-bundle-1.38.tar.gz.asc
+Resolving dist.eugridpma.info... 194.171.96.74
+Connecting to dist.eugridpma.info|194.171.96.74|:443... connected.
+HTTP request sent, awaiting response... 200 OK
+Length: 189 [text/plain]
+Saving to: `igtf-policy-installation-bundle-1.38.tar.gz.asc'
+100%[======================================>] 189         --.-K/s   in 0s      
+2011-04-27 10:37:49 (1.80 MB/s) - `igtf-policy-installation-bundle-1.38.tar.gz.asc' saved [189/189]
+$ gpg --verify igtf-policy-installation-bundle-1.38.tar.gz.asc
+gpg: Signature made Fri Feb  4 05:14:38 2011 CST using DSA key ID 3CDBBC71
+gpg: Good signature from "EUGridPMA Distribution Signing Key 3 <info@eugridpma.org>"
+$ tar xfz igtf-policy-installation-bundle-1.38.tar.gz
+$ cd igtf-policy-installation-bundle-1.38/src/accredited/
+$ cp NERSC-SLCS.* ~/cvs/repo.teragrid.org/security/certificates
+$ cd ~/cvs/repo.teragrid.org/security/certificates/
+$ mv NERSC-SLCS.pem b93d6240.0
+$ mv NERSC-SLCS.info b93d6240.info
+$ mv NERSC-SLCS.crl_url b93d6240.crl_url
+$ mv NERSC-SLCS.signing_policy b93d6240.signing_policy
+$ rm NERSC-SLCS.namespaces 
+$ ln -s b93d6240.0 20b7db76.0
+$ ln -s b93d6240.signing_policy 20b7db76.signing_policy

Added: airavata/sandbox/gsissh/certificates/TACC_MICS_provenance
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/TACC_MICS_provenance?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/TACC_MICS_provenance (added)
+++ airavata/sandbox/gsissh/certificates/TACC_MICS_provenance Thu Aug 15 19:29:07 2013
@@ -0,0 +1,23 @@
+[ New TACC MICS CA, May 2009 (mccreary) ]
+
+Obtained CA files from Margaret Murray <marg@tacc.utexas.edu> on 13May09
+Tar file and detached signature both obtained via email
+Signature made with this key:
+
+pub   2048R/7373DBE8 2008-11-08
+      Key fingerprint = 8D4F 371E 8E17 8DA8 8FD4  2DB9 B639 1A0C 7373 DBE8
+uid                  Margaret Murray <marg@tacc.utexas.edu>
+sub   2048R/407CB31E 2008-11-08
+
+Verified the fingerprint of this key via telephone.
+
+Extracted these files from the tar file:
+2ac09305.0
+2ac09305.crl_url
+2ac09305.signing_policy
+
+New MICS cert:
+openssl x509 -subject -fingerprint -sha1 -noout -in 2ac09305.0 
+subject= /DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC MICS CA
+SHA1 Fingerprint=E0:45:7E:E9:FD:E5:08:D9:CA:E0:E6:06:42:97:A0:25:0C:E9:B0:A1
+MD5 Fingerprint=5D:6D:10:ED:FC:F2:FF:24:D6:00:DA:1B:9C:D8:13:80

Added: airavata/sandbox/gsissh/certificates/TACC_provenance
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/TACC_provenance?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/TACC_provenance (added)
+++ airavata/sandbox/gsissh/certificates/TACC_provenance Thu Aug 15 19:29:07 2013
@@ -0,0 +1,68 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+[ New TACC certificates, Dec 2008 (mccreary) ]
+
+Obtained these files from Margaret Murray <marg@tacc.utexas.edu> on 29Oct08
+	Encrypted with CAST5 using a shared secret exchanged by telephone
+
+e5cc84c2.signing_policy
+e5cc84c2.crl_url
+e5cc84c2.0
+684261aa.0
+684261aa.crl_url
+684261aa.tacc.cadesc
+
+Updated e5cc84c2.tacc.cadesc obtained from Margaret Murray
+	<marg@tacc.utexas.edu> on 10Dec08
+	Verified changes via telephone conversation
+Updated 684261aa.signing_policy obtained from Margaret Murray
+	<marg@tacc.utexas.edu> on 10Dec08
+	Only change is a typo fix
+
+diff 684261aa.signing_policy.OLD 684261aa.signing_policy 
+4c4
+< cond_subjects         globus  '"/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/TACC Classic CA"        "/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/TACC MICS CA"' 
+- - ---
+> cond_subjects         globus  '"/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Classic CA"     "/DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC MICS CA"' 
+
+New certs:
+openssl x509 -subject -fingerprint -sha1 -noout -in 684261aa.0 
+subject= /DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Root CA
+SHA1 Fingerprint=15:2D:FC:BA:13:11:2C:F5:65:53:AC:94:5F:89:2C:B0:E5:F6:BA:A8
+MD5 Fingerprint=01:46:1D:D5:80:60:5A:4B:CB:B3:61:AA:A1:3D:6C:42
+
+openssl x509 -subject -fingerprint -sha1 -noout -in e5cc84c2.0 
+subject= /DC=EDU/DC=UTEXAS/DC=TACC/O=UT-AUSTIN/CN=TACC Classic CA
+SHA1 Fingerprint=5B:AE:F7:20:B1:3A:91:4F:1C:FE:8F:AF:5E:ED:48:DB:62:0E:47:65
+MD5 Fingerprint=EA:31:04:07:7B:0A:04:EC:DD:B1:A2:75:29:39:83:98
+
+[ Updated cadesc files, June 2010 (mccreary) ]
+
+Obtained corrected cadesc files from Margaret Murray <marg@tacc.utexas.edu>
+on 29Jun10.  Included with the updated cadesc files were detached PGP
+signatures of the files:
+
+684261aa.tacc.cadesc.sig
+e5cc84c2.tacc.cadesc.sig
+
+These signatures were generated with the following key:
+
+pub   2048R/7373DBE8 2008-11-08
+      Key fingerprint = 8D4F 371E 8E17 8DA8 8FD4  2DB9 B639 1A0C 7373 DBE8
+uid                  Margaret Murray <marg@tacc.utexas.edu>
+sub   2048R/407CB31E 2008-11-08
+
+This key has been signed by my own key:
+
+pub   1024D/6851EF26 2006-05-03 [expire: 2011-05-02]
+      Key fingerprint = F9E7 8D30 2833 70A8 611A  42C2 6231 1FE3 6851 EF26
+uid                  Sean McCreary <mccreary@ucar.edu>
+sub   2048g/BD594BA4 2006-05-03 [expire: 2011-05-02]
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (Darwin)
+
+iEYEARECAAYFAkwqUBUACgkQYjEf42hR7yZflACg1lV1LTy++UOEeRcvOAFsnEkZ
+zHMAoJ5/pNpdO+12mqZUqa2ol/aWl7HU
+=5wFr
+-----END PGP SIGNATURE-----

Added: airavata/sandbox/gsissh/certificates/UKeScience_provenance
URL: http://svn.apache.org/viewvc/airavata/sandbox/gsissh/certificates/UKeScience_provenance?rev=1514450&view=auto
==============================================================================
--- airavata/sandbox/gsissh/certificates/UKeScience_provenance (added)
+++ airavata/sandbox/gsissh/certificates/UKeScience_provenance Thu Aug 15 19:29:07 2013
@@ -0,0 +1,137 @@
+[ Removed (again?) expiring UK eScience CA certs 53729190.* 367b75c3.* 2013-01-28 dsimmel ]
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+[ Updated UK eScience CA certificate, validity extended to March 31, 2013 (jam,dsimmel 2012-11-01) ]
+
+$ openssl version
+OpenSSL 1.0.0-fips 29 Mar 2010
+
+$ openssl x509 -in 367b75c3.0 -serial -issuer -subject -dates -hash -subject_hash_old -noout
+serial=0121
+issuer= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root
+subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
+notBefore=Oct 30 09:00:00 2007 GMT
+notAfter=Mar 31 23:59:59 2013 GMT
+53729190
+367b75c3
+
+[ Replacement UK eScience certificates, May 2008 (mccreary) ]
+
+Retrieved from
+<https://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/>
+	ca_UKeScienceRoot-2007-1.21.tar.gz
+	ca_UKeScienceCA-2007-1.21.tar.gz
+	ca_UKeScienceRoot-1.21.tar.gz
+	ca_UKeScienceCA-1.21.tar.gz
+
+on 22May08. Web server presented certificate w/ subject:
+
+	CN = dist.eugridpma.info
+	O  = NIKHEF
+	OU = PDP
+Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5
+
+from authority:
+
+	CN = Cybertrust Educational CA
+	O  = Cybertrust
+	OU = Educational CA
+
+Valid from 21Feb07 until 21Feb2010
+
+Fingerprints:
+	SHA1	7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24
+	MD5	5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D
+
+Updated certs:
+openssl x509 -subject -fingerprint -sha1 -noout -in 367b75c3.0
+subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA
+SHA1 Fingerprint=CA:1C:B6:6C:A9:E3:27:4D:F7:3E:A9:EB:6A:33:3F:C1:A2:B1:B8:D7
+MD5 Fingerprint=29:74:27:49:A9:9C:C2:BB:1A:FE:58:BB:02:BE:00:E9
+
+openssl x509 -subject -fingerprint -sha1 -noout -in 98ef0ee5.0
+subject= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root
+SHA1 Fingerprint=A1:39:B0:F3:04:6C:0B:F9:F5:0A:1B:33:00:06:4F:83:6B:7D:4F:3E
+MD5 Fingerprint=0E:4A:28:9B:BB:2C:A2:3E:90:8F:AF:11:A6:8B:BE:9E
+
+*.signing_policy files have cosmetic differences:
+
+diff ./367b75c3.signing_policy ../teragrid-certs/367b75c3.signing_policy
+1,4c1,14
+< # @(#)$Id: 367b75c3.signing_policy,v 1.1 2007/11/15 21:04:34 pmacvsdg Exp $
+<  access_id_CA     X509    '/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA'
+<  pos_rights       globus  CA:sign
+<  cond_subjects    globus  '"/C=UK/O=eScience/*"'
+- - ---
+>  # Signing policy for UK e-Science CA
+>  # This file should be installed in
+>  # /etc/grid-security/certificates
+>  # as <hash>.signing_policy along with
+>  # the CA certificate as <hash>.<digit>
+>  # -- here <hash> is the output of
+>  # openssl x509 -hash -noout -in <certificate>
+>  # and <digit> is the lowest single (decimal)
+>  # digit that makes the file unique (in case
+>  # you have other CA certificates that hash to
+>  # the same value)
+>  access_id_CA      X509         '/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA'
+>  pos_rights        globus        CA:sign
+>  cond_subjects     globus     '"/C=UK/O=eScience/*"'
+diff ./98ef0ee5.signing_policy ../teragrid-certs/98ef0ee5.signing_policy
+1,4c1,14
+< # @(#)$Id: 98ef0ee5.signing_policy,v 1.1 2007/11/15 21:04:34 pmacvsdg Exp $
+<  access_id_CA   X509    '/C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root'
+<  pos_rights     globus  CA:sign
+<  cond_subjects  globus  '"/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA"'
+- - ---
+>  # Signing policy for UK e-Science ROOT CA.
+>  # This file should be installed in
+>  # /etc/grid-security/certificates
+>  # as <hash>.signing_policy along with
+>  # the CA certificate as <hash>.<digit>
+>  # -- here <hash> is the output of
+>  # openssl x509 -hash -noout -in <certificate>
+>  # and <digit> is the lowest single (decimal)
+>  # digit that makes the file unique (in case
+>  # you have other CA certificates that hash to
+>  # the same value)
+>  access_id_CA      X509         '/C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root'
+>  pos_rights        globus        CA:sign
+>  cond_subjects     globus     '"/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA"'
+
+
+*.crl_url contain different extensions:
+
+1c1
+< http://ca.grid-support.ac.uk/pub/crl/ca-crl.der
+- - ---
+> http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem
+
+Also verified old UKeScience CA and Root certs:
+
+openssl x509 -subject -fingerprint -sha1 -noout -in adcbc9ef.0
+subject= /C=UK/O=eScienceCA/OU=Authority/CN=CA
+SHA1 Fingerprint=0A:E0:5B:0C:64:99:18:2B:4F:FB:15:33:6F:77:33:F9:8E:F2:6D:C7
+MD5 Fingerprint=24:47:F1:F0:BD:1F:3E:E5:AE:4B:55:E9:E3:30:3A:0F
+
+openssl x509 -subject -fingerprint -sha1 -noout -in 8175c1cd.0
+subject= /C=UK/O=eScienceRoot/OU=Authority/L=Root/CN=CA
+SHA1 Fingerprint=88:BF:90:CB:03:C6:10:14:FA:BB:0D:0A:3C:76:DA:D6:6E:21:54:95
+MD5 Fingerprint=A7:AD:F4:F9:37:43:8D:88:B0:EA:50:F9:3F:1E:B0:91
+
+Note that *crl_url for these certs also differs in the extension
+
+1c1
+< http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.crl
+- - ---
+> http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.8 (Darwin)
+Comment: GPGTools - http://gpgtools.org
+
+iEYEARECAAYFAlCS8voACgkQhXXPgPKIJgbvvgCfWJkk24m0qIcLmQU1795J22ya
+fh0AoK/7uerxMR1LhW6603A7CfCHKyuw
+=xdW1
+-----END PGP SIGNATURE-----



Mime
View raw message