Changes to the OSG certificates package: NOTE: This CHANGES file lists changes made to the CACert package provided by the OSG security group, and hosted by the OSG GOC. If you are looking for previous listing of CHANGES that were made by the VDT, then please refer to this link: http://vdt.cs.wisc.edu/releases/certs/ca_changes.txt OSG CA Package in new format (md5, sha1 hashes) to support openssl 1.x ===== Version 1.132 (IGTF 1.132) =========== Built 17 DEC 2024 * added new trust anchor for TRGRID transition (TR) ===== Version 1.131 (IGTF 1.131) =========== Built 30 SEP 2024 * removed discontinued HKU-CA-2 authority (HK) * removed obsolete 3rd generation TCS intermediates (EU) ===== Version 1.130 (IGTF 1.130) =========== Built 5 JUL 2024 Note: The version of the OSG CA certs distribution will start following of the IGTF CA certs distribution it is based on. * resolve subjectDN nameformat compatibility issues trust anchor metadata ===== Version 1.120 (IGTF 1.129) =========== Built 24 JUN 2024 * updated CRL URL location for MREN CA (ME) * removed discontinued TSU-GE GRENA CA (GE) * removed suspended BYGCA (BY) * removed discontinued LIP CA (PT) * removed obsolete DT transitional CAs (AE) ===== Version 1.119 (IGTF 1.128) =========== Built 11 MAR 2024 * updated CRL download URL for ArmeSFo (AM) ===== Version 1.118 (IGTF 1.127) =========== Built 20 FEB 2024 * added supplementary issuing CA Issuing CA IGTF - C5 - 1 for eMudhra (IN) * removed discontinued QuoVadis CAs QuoVadis-Grid-ICA-G2 QuoVadis-Root-CA2G3 QuoVadis-Root-CA2 and QuoVadis-Root-CA3G3 (BM) ===== Version 1.117 (IGTF 1.126) =========== Built 3 JAN 2024 * removed replaced InCommon IGTF Server CA and associated Comodo RSA CA (US) * removed discontinued UNLPGrid CA (CL) ===== Version 1.116 (IGTF 1.125) =========== Built 29 NOV 2023 * updated root certificate ArmeSFo CA with extended validity (AM) ===== Version 1.115 (IGTF 1.124) =========== Built 31 OCT 2023 * updated contact meta-data for ArmeSFo authority (AM) * removed discontinued AEGIS authority (RS) * removed suspended KENET Root and issuing CAs (KE) * removed suspended SDG-G2 authority (CN) * removed suspended CNIC authority (CN) * removed all four discontinued DigitalTrust CAs operated by their issuer (AE) ===== Version 1.114 (IGTF 1.123) =========== Built 6 SEPT 2023 * Add ECC private trust hierarchy for GEANT (Research and Education) TCS (EU) * Added accredited private trust eMudhra IGTF root and issuers (IN) ===== Version 1.113 (IGTF 1.122) =========== Built 7 AUG 2023 * Added private trust hierarchy for GEANT (Research and Education) TCS (EU) * Added accredited eMudhra joint public trust root and issuing CAs (IN) * Added private trust eMudhra IGTF root and issuers as experimental (IN, US) ===== Version 1.112 (IGTF 1.121) =========== Built 16 JUN 2023 * Added accredited (classic) InCommon RSA IGTF Server CA 3 under the Sectigo USERTrust RSA root, for which namespaces have been updated (US) ===== Version 1.111 (IGTF 1.120) =========== Built 31 MAY 2023 * Added transitional CDP mirror URLs for retiring DigitalTrust CAs (AE) * Removed discontinued NIIF-Root-CA-2 (HU) * Removed expiring GermanGrid (GridKA CrossGrid) CA (DE) ===== Version 1.110 (IGTF 1.119) =========== Built 13 MAR 2023 * Updated UKeScience Root (2007) wih consistent string encodings (UK) * Removed obsolete SHA1 subordinates DigiCertGridTrustCA-Classic and DigiCertGridCA-1-Classic from DigiCert, reflected in RPDNC namespaces * Experimental (non-accredited) new InCommon RSA IGTF Server CA 2 (ICA under Sectigo USERTrust RSA root, for which namespaces have been updated) (US) * Updated GridCanada CA with re-issued SHA-2 based root (CA) * Updated CILogon basic, silver, and openid with re-issued SHA-2 certs (US) * Updated UKeScience Root (2007) re-issued with SHA-2, retired 2A ICA (UK) ===== Version 1.107 (IGTF 1.117) =========== Built 29 AUG 2022 * Add new intermediate ICA DigiCert Grid-TLS (US) * Add new intermediate ICA DigiCert Grid-Client-RSA2048-SHA256-2022-CA1 (US) * Removed discontinued NCSA-slcs-2013 following end of XSEDE (US) * Removed discontinued PSC-Myproxy-CA following end of XSEDE (US) ===== Version 1.106 (IGTF 1.116) =========== Built 25 APR 2022 * Updated intermediate CERN Grid CA ICA with extended validity (CERN) ===== Version 1.105 (IGTF 1.115) =========== Built 30 MAR 2022 * Removed obsolete CNRS2 CAs, superseded by AC-GRID-FR hierarchy (FR) * Add supplementary BCDR download location for UGRID-G2 CRL (UA) * Extended validity period of HPCI CA (JP) ===== Version 1.104 (IGTF 1.114) =========== Built 19 JAN 2022 * Extended validity for SlovakGrid issuing CA (SK) * SOFTWARE-4965: Completely remove expired Let's Encrypt ROOT CA X3 * SOFTWARE-4965: Completely remove expired Let's Encrypt ROOT CA X4 ===== Version 1.100 (IGTF 1.113) =========== Built 4 OCT 2021 * Suspended MD-GRID CA due to network resolution issues (MD) ===== Version 1.99 (IGTF 1.112) =========== Built 29 SEP 2021 * Remove expiring Let's Encrypt "DST Root X3 CA" ===== Version 1.98 (IGTF 1.112) =========== Built 13 AUG 2021 * Updated ANSPGrid CA with extended validity date (BR) ===== Version 1.97 (IGTF 1.111) =========== Built 24 MAY 2021 * Removed discontinued NERSC-SLCS CA (US) * Removed discontinued MYIFAM CA (MY) ===== Version 1.96 (IGTF 1.110) =========== Built 10 MAY 2021 * Add missing ISRG Root X1 to the DST Root CA X3 signing policy ===== Version 1.95 (IGTF 1.110) =========== Built 22 MAR 2021 * Removed INFN-CA-2015 that has disappeared operationally (IT) ===== Version 1.94 (IGTF 1.109) =========== Built 27 JAN 2021 * Bundle letsencrypt-certificates/lets-encrypt-r{3,4}.pem ===== Version 1.93-2 (IGTF 1.109) =========== Built 27 JAN 2021 * Rebuild with letsencrypt-certificates v0.3.1 ===== Version 1.93 (IGTF 1.109) =========== Built 26 JAN 2021 * Add DST Root CA X3 Let's Encrypt root cert ===== Version 1.92 (IGTF 1.109) =========== Built 19 JAN 2021 * Removed discontinued DM private IGTF classic CAs (AE) * Removed obsolete QuoVadis-Root-CA1, under which no ICAs are left (BM) * Updated QV Grid ICA G2 intermediary following its re-issuance (BM) ===== Version 1.91 (IGTF 1.108) =========== Built 14 DEC 2020 * Added DigitalTrust classic IGTF specific and public trust IGTF CAs (AE) * Updated PCS MyProxy SLCS CRL URL location (US) ===== Version 1.90 (IGTF 1.107) =========== Built 9 DEC 2020 * Add new Let's Encrypt intermediate certificates ===== Version 1.89 (IGTF 1.107) =========== Built 10 AUG 2020 * retired DarkMatterSecureCA and DarkMatterAssuredCA (AE) * removed superseded PolishGrid CA (PL) * Added TCS G4 ECC trust anchors to accredited set (EU) ===== Version 1.88 (IGTF 1.106) =========== Built 4 MAY 2020 * Removed expiring AddTrust External CA Root (US) * Updated legacy DutchGrid (Nikhef MS) Root CA (NL) * Removed discontinued NCSA-tfca-2013 CA (US) * Added TCS G4 ECC trust anchors to experimental area (EU) ===== Version 1.87 (IGTF 1.105) =========== Built 31 MAR 2020 * Discontinued CERN-LCG-IOTA-CA following decommissioning by authority (CERN) * Added new G4 intermediates for the GEANT TCS service and supporting self-signed USERTrust RSA Root (EU) * Updated AddTrust External CA Root signing policy to support legacy UTN chains for GEANT TCS G4 (EU) ===== Version 1.86 (IGTF 1.104) =========== Built 29 JAN 2020 * Reinstated AddTrust External CA Root (US) ===== Version 1.85 =========== Built 27 JAN 2020 * Updated contact addresses for DigiCert (US) * Regrafted InCommon IGTF Server CA onto self-signed Comodo RSA CA (US) * Discontinued superfluous AddTrust External CA Root (US) * Discontinued AustrianGrid CA (AT) ===== Version 1.84 =========== Built 22 OCT 2019 * Added CESNET-CA-4 ICA accredited classic CA for issuer roll-over (CZ) ===== Version 1.83 =========== Built 24 JUNE 2019 * added new trust anchor for PolishGrid (2019) for key roll-over (PL) * withdrawn discontinued CILogon OSG CA (US) ===== Version 1.82 =========== Built 28 MAY 2019 * withdrawn superseded HKU CA (HK) * withdrawn discontinued CyGrid CA following migration to TCS (CY) ===== Version 1.81 =========== Built 29 APR 2019 * withdrawn superseded IRAN-GRID authority (IR) ===== Version 1.80 =========== Built 26 MAR 2019 * temporarily withdrawn EG-GRID 4a96b1ea for network availability reasons (EG) ===== Version 1.79 =========== Built 27 FEB 2019 * withdrawn superseded QuoVadis-Grid-ICA (1st gen) CA (BM) * added new trust anchor MD-Grid-CA-T for rollover of existing CA (MD) * discontinued expiring 2009 series MD-Grid-CA (MD) ===== Version 1.78 =========== Built 08 JAN 2019 IGTF 1.95 release * Updated namespaces and signing_policy files for CILogon Silver CA to permit DNs without "/C=US" (US) ===== Version 1.77 =========== Built 06 NOV 2018 * Included MD5 checksum again ===== Version 1.76 =========== Built 30 OCT 2018 IGTF 1.94 release * extended validity period for the ArmeSFo CA (AM) * withdrawn expiring DFN-SLCS CA (DE) ====== Version 1.75 =========== Built 24 SEPT 2018 IGTF 1.93 release * Updated contact information for HellasGrid-CA (GR) * Removed superseded IGCA CA (IN) ====== Version 1.74 =========== Built 28 JUNE 2018 IGTF 1.92 release * Added HKU CA 2 trust anchor during transitioning period (HK) ====== Version 1.73 =========== Built 15 MAY 2018 IGTF 1.91 release * Updated MREN CA with extended validity period (ME) ====== Version 1.72 =========== Built 7 MAY 2018 * Added root certificate and intermediate certificates for Let's Encrypt CA ====== Version 1.71 =========== Built 4 MAY 2018 * Added new LetsEncrypt CA ====== Version 1.70 =========== Built 27 MAR 2018 IGTF 1.90 release * Added new Grid-FR hierarchy for Renater (AC-GRID-FR series) (FR) * Added new GARUDAINDIA2 root for key roll-over IGCA (IN) * Updated contact metadata for UNAM trust anchors (MX) ====== Version 1.69 =========== Built 16 JAN 2018 IGTF 1.89 release * Discontinued expiring UGRID (2008) root CA (UA) ====== Version 1.68 =========== Built 27 NOV 2017 IGTF 1.88 release * updated UKeScience 2B ICA based on a SHA-2 family digest (UK) * added new PKIUNAMgrid (2017) trust anchor for roll-over (MX) ====== Version 1.67 =========== Built 30 OCT 2017 IGTF 1.87 release * added new accredited classic DarkMatter Private Root G4 and ICA (AE) * updated PK-Grid-2007 trust anchor with extended validity period (PK) * extended validity period for UNAMgrid-ca trust anchor (MX) ====== Version 1.66 =========== Built 9 OCT 2017 IGTF 1.86 release * updated MaGrid CA with extended validity period (MA) * removed discontinued pkIRISGrid CA (ES) * discontinued depricated yum v2 and rpm-apt package management support (only affects yum installs on RHEL/CentOS 2&3, Fedora Core 1-3, and bespoke support for installing RPM packages using APT for pre-2006 RedHat systems) ====== Version 1.65 =========== Built 2 AUG 2017 IGTF 1.85 release * Updated URL domain information for CyGrid (CY) ====== Version 1.64 =========== Built 5 July 2017 IGTF 1.84 release * Updated ROSA root certificate with extended 20yr valitity (RO) * Updated contact details for CyGrid CA following transition to CYNET (CY) * Removed obsoleted KISTI-2007 trust anchor - replaced by KISTIv3 (KR) * Removed expiring LACGrid trust anchor a9082267 (BR) * Added UK Pathfinder AAAI CA 1 to unaccredited (misc) area (UK) ====== Version 1.63 =========== IGTF 1.83 release * Added new trust anchor for accredited KISTI CA v3 (KR) * Removed obsolete GEANT TCS G1 and G2 (old Comodo-backed) trust anchors: UTN-USERFirst-Hardware TERENA-eScience-SSL-CA AAACertificateServices UTNAAAClient TERENAeSciencePersonalCA UTN-USERTrust-RSA-CA TERENA-eScience-SSL-CA-2 TERENAeSciencePersonalCA2 (EU) ====== Version 1.62 =========== IGTF 1.82 release * Added new G2 UGrid trust anchor (UA) * Extended validity for AEGIS CA (RS) * Withdrawn discontinued FNAL KCA (US) * Extended valitity for REUNA CA (CL) ====== Version 1.61 =========== IGTF 1.81 release * Added accredited DarkMatter classic QV-intermediate ICAs (AE) including QuoVadis Root CA 2 G3 and Root CA 3 G3 higher level CAs (BM) * Updated contact information for EUN EG-GRID CA (EG) * Withdrawn classic UKeScienceCA-2A in advance of repurposing (UK) ====== Version 1.60 =========== IGTF 1.80 release * Discontinued BEGrid2008 (BELNET) classic authority (BE) ====== Version 1.59 =========== IGTF 1.79 release * Updated UNLPGrid CA with extended validity period (AR) * Fix regular expressions in CILogon and NCSA CA namespaces files (US) * Included rollover CA IRAN-GRID-CGC-G2 (IR) * Corrected an incorrect line in selected info files for DigiCert (US) * Discontinued expiring NECTEC CA (TH) ====== Version 1.58 =========== Built 10 OCT 2016 IGTF 1.78 release * Updated namespaces and signing_policy files for CILogon Basic CA to permit DNs without "/C=US" (US) * Added G2 series (sha-2) QuoVadis Root 2 and Grid ICA G2 (BM) * Removed discontinued UniandesCA (CO) * Removed superseded INFN-CA-2006 CA (IT) * Updated Debian packaging to support APT security improvements ====== Version 1.57 =========== Built 29 JULY 2016 * Added accredited RCauth.eu IOTA CA and associated root (EU) * Added DutchGrid Root G1 (NL) ====== Version 1.56 =========== Built 5 JULY 2016 IGTF 1.75 release * Discontinued expired UFF BrGrid CA (BR) * Discontinued expired HellasGrid-2006 and associated Root (GR) ====== Version 1.55 =========== Built 19 MAY 2016 IGTF 1.74 release * Removed superseded NorduGrid (2006) CA (DK) * Added HellasGrid 2016 CA (GR) ====== Version 1.54 =========== Built 31 MAR 2016 IGTF 1.73 release * Updated key pair for SDG CA G2 (CN) * Revised URL to point to http endpoint for CERN IOTA ICA CRL (CERN) * Added date field to Debain Release file to work around APT bug 809329 * Added an InRelease file for changing Debian packaging * Added experimental DCA Root G1 and RCauth.eu Pilot ICA G1 (NL, EU) ====== Version 1.53 =========== Built 1 MAR 2016 IGTF 1.72 release * Added roll-over subordinate for the SDG CA G2 (CN) * Added CERN LCG IOTA CA (CERN) * Updated PSC MyProxy CA with extended validity (US) ====== Version 1.52 =========== Built 26 JAN 2016 IGTF 1.71 release * Added accredited classic KENET ICA and associated Root (KE) * Added roll-over subordinate for the SDG CA G2 (CN) * Removed expiring SDG CA (CN) * Updated CyGrid Root CA with extended validity period (CY) * Updated BG-ACAD-CA with extended validity period (BG) ====== Version 1.51 =========== Built 30 NOV 2015 IGTF 1.70 release * Updated CRL URL hosted by KIT for ArmeSFO (AM) * Added NorduGrid 2015 trust anchor (DK,NO,SE,FI,IS) * Discontinued superseded DigiCertGridCA-1G2-Classic (US) ====== Version 1.50 =========== Built 26 OCT 2015 IGTF 1.69 release * Added new INFN "2015" CA as roll-over of the 2006 instance (IT) * Added new CILogon OSG CA (US) * Discontinued BalticGrid CA (EE) ====== Version 1.49 ============ Built 6 OCT 2015 IGTF 1.68 release * Discontinued CALG CA (LV) * Added experimental KENET CAs (KE) ====== Version 1.48 ============ Built 3 SEPT 2015 IGTF 1.67 release * IGTF release jump, skipping 1.66 * Discontinued NCSA-mics CA (US) * Withdrawn G2 root for IPM CA (IR) ====== Version 1.47 ============ Built 30 Jun 2015 IGTF 1.65 release * Discontinued NAREGI CA (JP) * Added addition G2 root for IPM CA (IR) * Added new subjectdn attribute to the trust anchor and profile meta-data files to aid monitoring and authentication-profile based access control mechanism use cases. See http://wiki.eugridpma.org/Main/IGTFInfoFile (ALL) ====== Version 1.46 ============= Built 1 Jun 2015 IGTF 1.64 release * Extended validity period of the BalticGrid CA (EE,LT,LV) * Removed obsolete NICS-MyProxy CA (US) * Added revised DigiCertGridCA-1G2-Classic-2015 Classic CA (US) * Updated CRL URL information for TCS G3 by preferring secondary URI (EU) * Updated RDIG CA with extended validity self-signed root (RU) * Removed obsolete NCSA-slcs CA, replaced by NCSA-slcs-2013 (US) ====== Version 1.45 ============= Built 6 Apr 2015 IGTF 1.63 release * Removed obsoleted and replaced NIIF CA (HU) * Extended validity period of the KEK CA (JP) * Removed obsoleted d254cc30/CERN-Root 1d879c6c/CERN-TCA anchors (CERN) * Updated RPDNC namespaces to permit DigiCert Grid Trust G2 ICAs for DigiCert Assured ID Root CA (US) * Updated RPDNC namespaces and signing_policy files for G2 series DigiCert Grid CAs pending ICA reissuance for reverse RDN issue (US) * Nomalised cond_subject syntax for multiple signing policy files cilogon-basic cilogon-silver InCommon-IGTF-Server-CA NCSA-slcs-2013 NCSA-tfca-2013 Comodo-RSA-CA ====== Version 1.44 ============= Built 23 Feb 2015 IGTF 1.62 release * Added Root CA 2 for NIIF (HU) * Extended validity period for pkIRISgrid CA (ES) * Updated DigiCert root CA meta-data in preparation for TCS (US) * Included GEANT TCS CA G3 trust anchors (EU) * Temporarily suspended HIAST/74c6eaeb for operational reasons (SY) * Discontinued ULAGrid-CA-2008 CA (VE) * Discontinued NCHC CA (TW) ====== Version 1.43 ============= Built 3 Dec 2014 IGTF 1.61 release * Added new IPv6-capable crl_url entries for NCSA and CILogon CAs (US) * Added accredited TSU (Georgia) CA (GE) * Extended life time and updated digest function of AustrianGrid CA (AT) ====== Version 1.42 ============= Built 30 Oct 2014 IGTF 1.60 release * Added new SHA-2 hierarchies for TERENA Certificate Service (ed. 2009) (EU) ====== Version 1.41 ============= Built 1 Oct 2014 IGTF 1.59 release * Added accredited mics HPCI CA (JP) * Updated crl_url for NCSA-slcs-2013 and NCSA-tfca-2013 (US) * Renamed QuoVadis classic grid issuing CA to QuoVadis-Grid-ICA (CH, BM) ====== Version 1.40 ============= Built 30 Jun 2014 * OSG is including IGTF iota profiles starting from this release IGTF 1.58 release * Added accredited classic InCommon Server IGTF SSL CA and intermediate Comodo RSA CA (SHA-2) (US) * Extended permitted namespaces for AddTrust-External-CA-Root (EU, US) * Updated CILogon Basic CA from experimental to accredited:iota (US) * Updated certificate URL for IHEP-CA-2013 39d30eba (CN) * Discontinued expiring SEE-GRID '2004' CA - since replaced by new SEEGRID-CA-2013 (GR) * Discontinued retired PRAGMA-UCSD CA (US) ====== Version 1.39 ============= Built 3 Jun 2014 IGTF 1.57 release * Discontinued obsoleted IHEP (2009) CA ba2f39ca (CN) * Removed discontinued NCSA Two Factor CA following migration to NCSA Two Factor CA 2013 (US) ====== Version 1.38 ============= Built 3 Apr 2013 IGTF 1.56 release * Removed discontinued SWITCHslcs2011 and associated Root (CH) * Removed discontinued APAC CA (AU) * Removed discontinued DoEGrids CA and ESnet root (US) * Add reference to CA website for AustrianGrid CA (AT) * Add new subordinates for DigiCert: 1cdf1cd9/DigiCertGridCA-1G2-Classic and 5d9ea26d/DigiCertGridTrustCAG2-Classic (US) * Add meta-package for the IOTA-accredited CAs. Please note that there are no IOTA accredited CAs as this point in time. For specifications see https://www.eugridpma.org/guidelines/IOTA/ * Debian packaging dependencies in meta-packages now correctly use all- lower-case package names throughout Changes from OSG * Removed PurdueCA and PurdueTeragridRA since they have been decommissioned. ====== Version 1.37 ============= Built 27 Jan 2014 * Renamed 772dbd1.* to da213f5b.* to fix error in IGTF 1.55 old-format release. New format release is unchanged. ====== Version 1.36 ============= Built 3 Dec 2013 IGTF 1.55 release * New root certificate with extended life time for NorduGrid CA 1f0e8352 (DK) * Updated contact metadata for all RENATER Grid-FR related CAs (FR) * Updated CRL URL and metadata for IHEP 2013 CA 39d30eba (CN) * New root certificates for NCSA CA re-key: MyProxy CA 2013 c36f6349/7aa2b7bd and Two Factor CA 2013 ca157cee/48c8f10a (US) * New root certificate for EGI catch-all CA "SEEGRID-CA-2013" 772dbd1c (GR) * Removed AIST Grid CA (JP) * Discontinued IUCC CA (6fee79b0) following migration to TCS (IL) * Suspended JUnet-CA (b3222f9e) (JO) * Removed expired unaccredited CAs (misc) * Added unaccredited worthless NL e-Infra Zero tutorial CA 338a3561 (NL) ====== Version 1.35 ============= Built 1 Jul 2013 IGTF 1.54 release * Extended life time of Grid-KA CA (dd4b34ea) (DE) * Added new CERN hierarchy for CERN IT/IS CA (SHA2 migration) (CH) * Updated metadata for GridGermany DFN-CERT CAs (DE) * Updated contact metadata for KEK (JP) * Updated contact metadata for HKU (HK) * Updated contact metadata for AIST (JP) ====== Version 1.34 ============= Built 11 Jun 2013 IGTF 1.53 release * Added new root cert for IHEP CA (2013) (CN) * Removed retired NCSA GridShib CA (e8ac4b61) (US) * Removed backup crl_url locations for CILogon CAs due to future crl.doegrids.org shutdown. (US) * Removed retired TACC CAs (2ac09305, 684261aa, e5cc84c2) (US) * Updated NERSC CA (b93d6240) to extend validity and change to self-signed rather than subordinate to ESnet (US) ====== Version 1.33 ============= Built 28 Jan 2013 IGTF 1.52 release * Extended validity of ArmeSFo Root CA (d0c2a341) (AM) * Obsoleted UKeScienceCA-2007 and updated Root CRL URL and metadata (UK) * removed expiring and unaccredited 'convenience' CAs from the distribution (Thawte, ZA, TERENA SCS, BE) ===== Version 1.32 ============= Built 3 Dec 2012 IGTF 1.51 release * Due to the unfortunate closure of Grid-Ireland, the Grid-Ireland CA (1e43b9cc) has been discontinued (IE) * extended expiry date for CyGrid CA (afe55e66) (CY) ====== Version 1.31 ============= Built 2 Oct 2012 IGTF 1.49 release * Added ANSPGrid (126f0acf) classic CA (BR) * Extended root cert validity for CA ce33db76 to 20yr (IR) IGTF 1.50 release * Added accredited classic EG-GRID CA (EG) * Extended life time of UKeScience (2007) issuing CA (UK) ====== Version 1.29 ============= Built 11 Jun 2012 IGTF 1.48 • Extended life time of DFN GridGermany Root (1149214e) and CDPs (DE) ====== Version 1.28 ============= Built 03 May 2012 IGTF 1.47 release Changes from IGTF * Updates CA URL metadata and CRL for pkIRISGrid CA (ES) * Added accredited classic MYIFAM CA (MY) ====== Version 1.27 ============= Built 5 Apr 2012 IGTF 1.46 release Changes from IGTF * Added accredited NCSA 2-factor SLCS CA (US) * Removed discontinued CESNET (9b59ecad) CA (CZ) ====== Version 1.26 ============= Built 10 Feb 2012 IGTF 1.44 release Changes from IGTF * Added accredited classic DigiCert CA chains (US) * Extended life time of UGRID root cert (UA) ====== Version 1.25 ============= Built 12 Dec 2011 IGTF 1.43 release Changes from IGTF * Added new SWITCHslcs 2011 CA, replacing SWITCHslcs 2009 (CH) * Updated contact information for SWITCH CAs (CH) * Added new accredited classic JUnet CA (JO) * Added additional CRL URL for DOEGrids CA in certificate and meta data (US) * Added additional CRL URL for ESnet Root CA in meta data (US) * Updated institute information for KIT in signing_policy file (DE) * Updated enrolment URLs for Grid-FR CA (FR) ====== Version 1.24 ============= Built 11 Oct 2011 IGTF 1.42 release Changes from IGTF Corrected signing_policy file for UKeScience CA 2B (UK) ====== Version 1.23 ============= Built 27 Sept 2011 IGTF 1.41 release Changes from IGTF * Added accredited PSC MyProxy SLCS CA (US) * Updated CRL URL for LIPCA (PT) * Extended life time of SlovakGrid CA root (SK) * Added accredited DZ-eScience CA (DZ) * Added accredited NICS SLCS MyProxy CA (US) * Added new UK eScience issuing CAs 2A and 2B to allowed namespaces and removed superfluous signing policy entries (UK) * Normalised the certificate files (.0) for selected CAs in the 'old' format distribution. This does not affect the 'new' OpenSSL v1+ compatible release. Affected CAs are CESNET, NIKHEF, NIIF, DFN-GridGermany-Root, PSC-Myproxy-CA, and NERSC-SLCS. Old and new format files are now identical. * The "worthless" area, containing some files that are distributed merely for convenience for selected specific purposes, has been re-named to "unaccredited". Files contained in this directory must be treated with utmost care, and their inclusion in the distribution does not constitute any form of endorsement by the IGTF of these files or their content. * Added unaccredited InCommon Server CA to convenience directory (US) ====== Version 1.22 ============= Built 8 Sept 2011 IGTF 1.40 release Changes from OSG Old format and new format now have same md5sum ====== Version 1.21 ============= Built 15 Aug 2011 IGTF 1.40 release Changes from OSG * Syrian CA removed because CRL has never been distributed. OSG ticket #10840. Will consider restoring in the next IGTF release ====== Version 1.20 ============= Built 25 July 2011 IGTF 1.40 release Changes from IGTF * Corrected fingerprint meta-data for UniAndes CA (CO) * Change of contact address for NAREGI CA (JP) * Change of contact address for GermanGrid CA (DE) * Added accredited classic HIAST CA (SY) * Added accredited classic Uni Andes CA (CO) * Extended life time of root certificate for SiGNET-CA (SI) * Extended life time of root certificate for Grid-Ireland (IE) * New issuing certificates (2A, 2B) for UKeScience (GB) * Updated extensions for DOEGrids-CA-1 issuing CA (US) This is the first production built for new caches establised by GOC for Security team to aid transition of OSG production to new CA format NOTE: Versions 1.18 and 1.19 were only used for ITB testing ===== Version 1.17 ============== Built 7 Feb 2011 IGTF 1.38 - current hash format (openssl 0.9x) Changes from by IGTF * Updated meta-data info file for SRCE (HR) * Updated KEK CA root (617ff41b) with extended life time (JP) * Updated contact email address for ArmeSFo (AM) * Extended allowed namespace and new URL for SEE-GRID CA as EGI catch-all (EU) * Extended allowed namespace for NAREGI CA (JP) * Added accredited CILogin MICS CA (US) * Extended life time for NCSA CACL (MICS) CA (US) * Extended life time for NCSA MyProxy (SLCS) CA (US) * Extended life time for NorduGrid CA (DK,NO,SE,FI,SI) * Corrected namespaces file for TCS eScience Personal (EU) Additional OSG Changes: None ===== Version 1.16 ================= Built 28 Sep 2010 IGTF 1.37 - current hash format (openssl 0.9x) Added in 1.16 relative to 1.15a 20ce830e - TERENA-eScience-SSL-CA 3c58f906 - AddTrust-External-CA-Root ff783690 - UTN-USERFirst-Hardware Removed in 1.16 relative to 1.15a d1737728 - NGO-Netrust Updated relative to 1.15a: Minor changes in some metadata files. ===== Version 1.15a ================= Built 29 Jun 2010 IGTF 1.36 - current hash format (openssl 0.9x) Updated relative to 1.13: 8a661490 root certificate for PLGrid with corrected SAN extension (PL) ff94d436 root certificate for SRCE with new extensions and life time (HR) 1f3834d0 root certificate for ROSA with new AKI extension and serial (RO) Removed relative to 1.13: e1fce4e9 FNAL_KCA obsolete CA from experimental area (US) Updated format of INDEX.txt and INDEX.html files to be consistent with the format with the new IGTF layout coming in a future release. ===== Version 1.15 ================== Released 25 June 2010 and removed immediately due to manifest file pointing to wrong location for tar file. ===== Version 1.14x ================= Not released on production OSG IGTF 1.35 - new hash format ===== Version 1.13 ================= Released 18 Feb 2010 IGTF 1.34 - current hash format Updated edca0fc0 CESNET-CA-Root to fix a broken signing_policy file ===== Version 1.12 ================== Released 15 Feb 2010 IGTF 1.33 - current hash format Removed 12a1d8c2 CNRS-Grid-FR 34a509c3 CNRS-Projets cf4ba8c8 CNRS Added 169d7f9c TERENAeSciencePersonalCA 712ae4cc CESNET-CA-3 75680d2e AAACertificateServices 9ec3a561 UTNAAAClient edca0fc0 CESNET-CA-Root Updated 1e12d831 APAC ... 1 file changed 295adc19 REUNA-ca ... 1 file changed 6e3b436b AustrianGrid ... 2 files changed 8a661490 PolishGrid ... 2 files changed e8d818e6 BEGrid2008 ... 1 file changed ===== Version 1.11 =================== Released 29-Jan-2010 Continue with IGTF 1.32: * Added a Debian package to the distribution similar to the rpm/yum packaging. See https://twiki.grid.iu.edu/bin/view/Security/CADistribution#References for information regarding the apt repository. * Signed the distribution with a new OSG Security Team PGP key, id 7FD42669. You can pick up the new PGP key from https://twiki.grid.iu.edu/bin/view/Security/SecurityTeamMembers ===== Version 1.10 =================== Released 27-Oct-2009 Updated to IGTF 1.32: * Updated country TLD in URLs and email for AEGIS CA (RS) * Updated contact information for CALC CA (LV) * Extended life time and updated profile or TR-Grid CA cert and CRL URL (TR) * Updated and added references to CP and CPS documents for the following authorities: HellasGrid (GR), ROSA (RO), DutchGrid (NL), IRAN-GRID (IR), and BYGCA (BY) * Withdrawn obsolete CAs SWITCH-Personal-2007, SwissSign-Root, SWITCH, SwissSign-Bronze, SwissSign-Silver, SWITCH-Server-2007 (CH) * Withdrawn expired and discontinued CA RMKI (HU) ===== Version 1.9 ==================== Released 28-Jul-2009 Updated to IGTF 1.31: * Removed expired root certificate for BEGrid (03aa0ecb) (BE) * Removed expired and discontinued User and Server issuing CAs for DFN (fe102e03 and 34f8e29c) (DE) ===== Version 1.8 ==================== Released 1-Jul-2009 Removed obsolete expiring CAs: * DFN-Verein User CA Grid - G01, hash 34f8e29c * DFN-Verein Server CA Grid - G01, hash fe102e03 ===== Version 1.7 ==================== Released 3-Jun-2009 Updated to IGTF 1.30: * Updated contact meta-data for BYGCA, hash 709bed08 (BY) * Updated URLs for DFN Grid PKI public web pages (DE) * Added accredited NCSA GridShib SLCS CA (US) * Added accredited DFN SLCS CA (DE) * Added accredited TACC MICS CA (US) * Added accredited SWITCH (QuoVadis anchored) CAs (CH) * Added accredited FNAL-SLCS CA (US) ===== Version 1.6 ==================== Released 5-May-2009 Updated to IGTF 1.29: * Restored NGO-Netrust CA with hash d1737728 (SG) * Updated AIST Grid (CRL) URL metadata (JP) * Added accredited MD-Grid CA with hash 9ff26ea4 (MD) * Added accredited HKU Grid CA with hash 4798da47 (HK) * Updated signing policy file of APAC Grid CA (AU) * Added accredited classic BYGCA (Belarus) with hash 709bed08 (BY) * Updated namespace for the APAC CA (AU, NZ) ===== Version 1.5 ==================== Released 10-Mar-2009 Updated to IGTF 1.28: * Added accredited classic ULAGrid CA (VE) * Added accredited TACC Root and TACC Classic CAs (US) * Updated NERSC CRL URL download location (US) * Updated DOEGrids CRL URL download location (US) * Extended life time of NorduGrid CA (1f0e8352) (DK,SE,NO,FI,IS) * Added SigmaNet CALG CA (LV) * Updated AEGIS CA root certificate to reflect TLD name change (RS) * Added CRL for SWITCH-SLCS issuing CA (304cf809) (CH) Removed unaccredited CAs: * PSC Kerberos CA (290a3b29) * PSC Root CA (9b88e95b) * PSC Hosts CA (acc06fda) * SDSC (3deda549) * NPACI (b89793e4) * TACC (9a1da9f9) * old NCSA CA (4a6cd8b1) ===== Version 1.4 ==================== Released 3-Feb-2009 Updated to IGTF 1.27 * Corrected signing namespace for BEGrid2008 CA (e8d818e6) * Added NERSC SLCS CA (b93d6240) * ASGCCA-2007 changed signature algorithm from MD5 to SHA1 (9cd75e87) * Added new CNRS2 hierarchy: CNRS2 (163af95c) -> CNRS2-Projets (09ff08b7) -> CNRS2-Grid-FR (d11f973e) * Updated IUCC root certificate (6fee79b0) * Removed EstonianGrid CA (566bf40f) ===== Version 1.3 ==================== Released 15-Dec-2008 Updated to IGTF 1.26 * Added accredited classic Indian Grid CA (da75f6a8) * Updated IUCC root certificate with extended life time (6fee79b0) * Updated BEGrid and UCSD-PRAGMA URL metadata * New BEGrid2008 root certificate (e8d818e6) * Extended life time of the SEE-GRID CA (468d15b3) * Included CRL for NCSA SLCS CA (f2e89fe3) * Temporally suspended NGO-Netrust CA (d1737728) ===== Version 1.2 ==================== Released 9-Dec-2008 - Removed expired PK-Grid certificate (d2a353a5), superseded by PK-Grid-2007 CA (f5ead794) ===== Version 1.1 ==================== Released 29-Sep-2008 - based on IGTF 1.25 - added Taiwan NCHC ===== Initial version: 1.0 ===== NOTE: This initial GOC hosted release is based on the VDT v39 CA Certificate distribution, with the following changes. Please note that the VDT and OSG GOC certificates are now independently distributed and versioned. Released on 3-Sep-2008 - Updated to new Fermilab KCA CA certificate (e1fce4e9.0) - Removed doegrids/grid-cert-request and associated files