Google Git
Sign in
apache / airavata-sandbox / 18664ec8acb5d11b81555adb06bb69f8b4f2a5f1 / . / grid-tools / certificates / PSC_provenance
blob: a1ed07c1df4c2bcc29435ad9db5fc2de04dfa610 [file] [log] [blame]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[ Verify new PSC CA, April 2010 (mccreary) ]
New CA cert tarball obtained on 23Apr2010 vi email from
Derek Simmel <dsimmel@psc.edu>. A good PGP signature for this tar file was
sent in the same email message, using a PGP key I have signed myself. The
signature was made with this key:
pub 1024D/F2882606 2004-01-12
Key fingerprint = EC23 8D42 69B3 3EBB 9850 F972 8575 CF80 F288 2606
uid Derek Simmel <dsimmel@psc.edu>
sub 2048g/DB7D9741 2004-01-12
This key has been signed by my own key:
pub 1024D/6851EF26 2006-05-03 [expire: 2011-05-02]
Key fingerprint = F9E7 8D30 2833 70A8 611A 42C2 6231 1FE3 6851 EF26
uid Sean McCreary <mccreary@ucar.edu>
sub 2048g/BD594BA4 2006-05-03 [expire: 2011-05-02]
Extracted the following files from the tar file:
9b88e95b.0
9b88e95b.crl_url
9b88e95b.psc-root.cadesc
9b88e95b.signing_policy
acc06fda.0
acc06fda.crl_url
acc06fda.psc-host.cadesc
acc06fda.signing_policy
4b2783ac.0
4b2783ac.crl_url
4b2783ac.psc-myproxy.cadesc
4b2783ac.signing_policy
4b2783ac.info
4b2783ac.namespaces
Note that the *.crl_url files refer to the DER-format revocation lists. We
require PEM-format revocation lists, so I have included the alternate URLs
for these files (i.e. I replaced http://foo/bar/XXXXXXXX.crl with
http://foo/bar/XXXXXXXX.r0 in each file).
9b88e95b already exists in the tarball. I've verified that the CA cert is
identical with the following differences in the signing_policy file:
openssl x509 -subject -fingerprint -sha1 -noout -in 9b88e95b.0
subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA
SHA1 Fingerprint=76:14:59:94:16:2B:E2:05:C9:16:3F:85:8E:7C:70:EE:B9:DD:84:50
MD5 Fingerprint=A4:DC:F4:AB:62:B1:6B:8C:90:78:03:94:A6:8E:B9:5A
$ diff 9b88e95b.signing_policy ../certificates-/9b88e95b.signing_policy
3c3
< cond_subjects globus '"/C=US/O=Pittsburgh Supercomputing Center/*"'
- - ---
> cond_subjects globus '"/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Root CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA" "/C=US/O=Pittsburgh Supercomputing Center/CN=PSC Web Services CA"'
acc06fda also already exists in the tarball. I've verified that the CA cert
and signing_policy files are identical.
openssl x509 -subject -fingerprint -sha1 -noout -in acc06fda.0
subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC Hosts CA
SHA1 Fingerprint=6C:CD:19:F1:36:B8:49:01:C4:E4:3B:0B:56:44:9D:58:4B:89:14:88
MD5 Fingerprint=C7:76:67:51:73:EE:F3:13:FA:12:DA:CB:95:CC:2E:C1
4b2783ac is a new addition to the tarball:
openssl x509 -subject -fingerprint -sha1 -noout -in 4b2783ac.0
subject= /C=US/O=Pittsburgh Supercomputing Center/CN=PSC MyProxy CA
SHA1 Fingerprint=F8:13:D4:7B:44:9C:4A:83:CF:E3:A5:59:37:5C:9F:F7:FA:0A:1D:66
MD5 Fingerprint=21:F7:B4:30:26:C7:49:5E:F3:56:61:D4:73:A3:32:A1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkvYfeQACgkQYjEf42hR7yaXOgCeM7u14ay4UI7Q5SJfnNCmsp4i
K+UAn2Hr9KB3ZZ+2HtOVQN/wWGgAkuSL
=BVSC
-----END PGP SIGNATURE-----