| [ Removed (again?) expiring UK eScience CA certs 53729190.* 367b75c3.* 2013-01-28 dsimmel ] |
| |
| -----BEGIN PGP SIGNED MESSAGE----- |
| Hash: SHA1 |
| |
| [ Updated UK eScience CA certificate, validity extended to March 31, 2013 (jam,dsimmel 2012-11-01) ] |
| |
| $ openssl version |
| OpenSSL 1.0.0-fips 29 Mar 2010 |
| |
| $ openssl x509 -in 367b75c3.0 -serial -issuer -subject -dates -hash -subject_hash_old -noout |
| serial=0121 |
| issuer= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root |
| subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA |
| notBefore=Oct 30 09:00:00 2007 GMT |
| notAfter=Mar 31 23:59:59 2013 GMT |
| 53729190 |
| 367b75c3 |
| |
| [ Replacement UK eScience certificates, May 2008 (mccreary) ] |
| |
| Retrieved from |
| <https://dist.eugridpma.info/distribution/igtf/current/accredited/tgz/> |
| ca_UKeScienceRoot-2007-1.21.tar.gz |
| ca_UKeScienceCA-2007-1.21.tar.gz |
| ca_UKeScienceRoot-1.21.tar.gz |
| ca_UKeScienceCA-1.21.tar.gz |
| |
| on 22May08. Web server presented certificate w/ subject: |
| |
| CN = dist.eugridpma.info |
| O = NIKHEF |
| OU = PDP |
| Serial Num = 01:00:00:00:00:01:10:E4:53:B7:A5 |
| |
| from authority: |
| |
| CN = Cybertrust Educational CA |
| O = Cybertrust |
| OU = Educational CA |
| |
| Valid from 21Feb07 until 21Feb2010 |
| |
| Fingerprints: |
| SHA1 7D:EF:99:28:66:AB:46:91:AE:0C:05:59:8A:F8:69:60:0F:E0:E0:24 |
| MD5 5D:AE:44:D1:14:F6:E8:8A:BB:EE:AD:3F:7A:1F:13:6D |
| |
| Updated certs: |
| openssl x509 -subject -fingerprint -sha1 -noout -in 367b75c3.0 |
| subject= /C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA |
| SHA1 Fingerprint=CA:1C:B6:6C:A9:E3:27:4D:F7:3E:A9:EB:6A:33:3F:C1:A2:B1:B8:D7 |
| MD5 Fingerprint=29:74:27:49:A9:9C:C2:BB:1A:FE:58:BB:02:BE:00:E9 |
| |
| openssl x509 -subject -fingerprint -sha1 -noout -in 98ef0ee5.0 |
| subject= /C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root |
| SHA1 Fingerprint=A1:39:B0:F3:04:6C:0B:F9:F5:0A:1B:33:00:06:4F:83:6B:7D:4F:3E |
| MD5 Fingerprint=0E:4A:28:9B:BB:2C:A2:3E:90:8F:AF:11:A6:8B:BE:9E |
| |
| *.signing_policy files have cosmetic differences: |
| |
| diff ./367b75c3.signing_policy ../teragrid-certs/367b75c3.signing_policy |
| 1,4c1,14 |
| < # @(#)$Id: 367b75c3.signing_policy,v 1.1 2007/11/15 21:04:34 pmacvsdg Exp $ |
| < access_id_CA X509 '/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA' |
| < pos_rights globus CA:sign |
| < cond_subjects globus '"/C=UK/O=eScience/*"' |
| - - --- |
| > # Signing policy for UK e-Science CA |
| > # This file should be installed in |
| > # /etc/grid-security/certificates |
| > # as <hash>.signing_policy along with |
| > # the CA certificate as <hash>.<digit> |
| > # -- here <hash> is the output of |
| > # openssl x509 -hash -noout -in <certificate> |
| > # and <digit> is the lowest single (decimal) |
| > # digit that makes the file unique (in case |
| > # you have other CA certificates that hash to |
| > # the same value) |
| > access_id_CA X509 '/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA' |
| > pos_rights globus CA:sign |
| > cond_subjects globus '"/C=UK/O=eScience/*"' |
| diff ./98ef0ee5.signing_policy ../teragrid-certs/98ef0ee5.signing_policy |
| 1,4c1,14 |
| < # @(#)$Id: 98ef0ee5.signing_policy,v 1.1 2007/11/15 21:04:34 pmacvsdg Exp $ |
| < access_id_CA X509 '/C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root' |
| < pos_rights globus CA:sign |
| < cond_subjects globus '"/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA"' |
| - - --- |
| > # Signing policy for UK e-Science ROOT CA. |
| > # This file should be installed in |
| > # /etc/grid-security/certificates |
| > # as <hash>.signing_policy along with |
| > # the CA certificate as <hash>.<digit> |
| > # -- here <hash> is the output of |
| > # openssl x509 -hash -noout -in <certificate> |
| > # and <digit> is the lowest single (decimal) |
| > # digit that makes the file unique (in case |
| > # you have other CA certificates that hash to |
| > # the same value) |
| > access_id_CA X509 '/C=UK/O=eScienceRoot/OU=Authority/CN=UK e-Science Root' |
| > pos_rights globus CA:sign |
| > cond_subjects globus '"/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA"' |
| |
| |
| *.crl_url contain different extensions: |
| |
| 1c1 |
| < http://ca.grid-support.ac.uk/pub/crl/ca-crl.der |
| - - --- |
| > http://ca.grid-support.ac.uk/pub/crl/ca-crl.pem |
| |
| Also verified old UKeScience CA and Root certs: |
| |
| openssl x509 -subject -fingerprint -sha1 -noout -in adcbc9ef.0 |
| subject= /C=UK/O=eScienceCA/OU=Authority/CN=CA |
| SHA1 Fingerprint=0A:E0:5B:0C:64:99:18:2B:4F:FB:15:33:6F:77:33:F9:8E:F2:6D:C7 |
| MD5 Fingerprint=24:47:F1:F0:BD:1F:3E:E5:AE:4B:55:E9:E3:30:3A:0F |
| |
| openssl x509 -subject -fingerprint -sha1 -noout -in 8175c1cd.0 |
| subject= /C=UK/O=eScienceRoot/OU=Authority/L=Root/CN=CA |
| SHA1 Fingerprint=88:BF:90:CB:03:C6:10:14:FA:BB:0D:0A:3C:76:DA:D6:6E:21:54:95 |
| MD5 Fingerprint=A7:AD:F4:F9:37:43:8D:88:B0:EA:50:F9:3F:1E:B0:91 |
| |
| Note that *crl_url for these certs also differs in the extension |
| |
| 1c1 |
| < http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.crl |
| - - --- |
| > http://ca.grid-support.ac.uk/pub/crl/escience-root-crl.pem |
| -----BEGIN PGP SIGNATURE----- |
| Version: GnuPG v1.4.8 (Darwin) |
| Comment: GPGTools - http://gpgtools.org |
| |
| iEYEARECAAYFAlCS8voACgkQhXXPgPKIJgbvvgCfWJkk24m0qIcLmQU1795J22ya |
| fh0AoK/7uerxMR1LhW6603A7CfCHKyuw |
| =xdW1 |
| -----END PGP SIGNATURE----- |