-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathCHANGES
990 lines (761 loc) · 32.1 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
Changes to the OSG certificates package:
NOTE: This CHANGES file lists changes made to the CACert package
provided by the OSG security group, and hosted by the OSG GOC.
If you are looking for previous listing of CHANGES that were made by
the VDT, then please refer to this link:
http://vdt.cs.wisc.edu/releases/certs/ca_changes.txt
OSG CA Package in new format (md5, sha1 hashes) to support openssl 1.x
===== Version 1.132 (IGTF 1.132) ===========
Built 17 DEC 2024
* added new trust anchor for TRGRID transition (TR)
===== Version 1.131 (IGTF 1.131) ===========
Built 30 SEP 2024
* removed discontinued HKU-CA-2 authority (HK)
* removed obsolete 3rd generation TCS intermediates (EU)
===== Version 1.130 (IGTF 1.130) ===========
Built 5 JUL 2024
Note: The version of the OSG CA certs distribution will start following of
the IGTF CA certs distribution it is based on.
* resolve subjectDN nameformat compatibility issues trust anchor metadata
===== Version 1.120 (IGTF 1.129) ===========
Built 24 JUN 2024
* updated CRL URL location for MREN CA (ME)
* removed discontinued TSU-GE GRENA CA (GE)
* removed suspended BYGCA (BY)
* removed discontinued LIP CA (PT)
* removed obsolete DT transitional CAs (AE)
===== Version 1.119 (IGTF 1.128) ===========
Built 11 MAR 2024
* updated CRL download URL for ArmeSFo (AM)
===== Version 1.118 (IGTF 1.127) ===========
Built 20 FEB 2024
* added supplementary issuing CA Issuing CA IGTF - C5 - 1 for eMudhra (IN)
* removed discontinued QuoVadis CAs QuoVadis-Grid-ICA-G2 QuoVadis-Root-CA2G3
QuoVadis-Root-CA2 and QuoVadis-Root-CA3G3 (BM)
===== Version 1.117 (IGTF 1.126) ===========
Built 3 JAN 2024
* removed replaced InCommon IGTF Server CA and associated Comodo RSA CA (US)
* removed discontinued UNLPGrid CA (CL)
===== Version 1.116 (IGTF 1.125) ===========
Built 29 NOV 2023
* updated root certificate ArmeSFo CA with extended validity (AM)
===== Version 1.115 (IGTF 1.124) ===========
Built 31 OCT 2023
* updated contact meta-data for ArmeSFo authority (AM)
* removed discontinued AEGIS authority (RS)
* removed suspended KENET Root and issuing CAs (KE)
* removed suspended SDG-G2 authority (CN)
* removed suspended CNIC authority (CN)
* removed all four discontinued DigitalTrust CAs operated by their issuer (AE)
===== Version 1.114 (IGTF 1.123) ===========
Built 6 SEPT 2023
* Add ECC private trust hierarchy for GEANT (Research and Education) TCS (EU)
* Added accredited private trust eMudhra IGTF root and issuers (IN)
===== Version 1.113 (IGTF 1.122) ===========
Built 7 AUG 2023
* Added private trust hierarchy for GEANT (Research and Education) TCS (EU)
* Added accredited eMudhra joint public trust root and issuing CAs (IN)
* Added private trust eMudhra IGTF root and issuers as experimental (IN, US)
===== Version 1.112 (IGTF 1.121) ===========
Built 16 JUN 2023
* Added accredited (classic) InCommon RSA IGTF Server CA 3 under the
Sectigo USERTrust RSA root, for which namespaces have been updated (US)
===== Version 1.111 (IGTF 1.120) ===========
Built 31 MAY 2023
* Added transitional CDP mirror URLs for retiring DigitalTrust CAs (AE)
* Removed discontinued NIIF-Root-CA-2 (HU)
* Removed expiring GermanGrid (GridKA CrossGrid) CA (DE)
===== Version 1.110 (IGTF 1.119) ===========
Built 13 MAR 2023
* Updated UKeScience Root (2007) wih consistent string encodings (UK)
* Removed obsolete SHA1 subordinates DigiCertGridTrustCA-Classic
and DigiCertGridCA-1-Classic from DigiCert, reflected in RPDNC namespaces
* Experimental (non-accredited) new InCommon RSA IGTF Server CA 2 (ICA under
Sectigo USERTrust RSA root, for which namespaces have been updated) (US)
* Updated GridCanada CA with re-issued SHA-2 based root (CA)
* Updated CILogon basic, silver, and openid with re-issued SHA-2 certs (US)
* Updated UKeScience Root (2007) re-issued with SHA-2, retired 2A ICA (UK)
===== Version 1.107 (IGTF 1.117) ===========
Built 29 AUG 2022
* Add new intermediate ICA DigiCert Grid-TLS (US)
* Add new intermediate ICA DigiCert Grid-Client-RSA2048-SHA256-2022-CA1 (US)
* Removed discontinued NCSA-slcs-2013 following end of XSEDE (US)
* Removed discontinued PSC-Myproxy-CA following end of XSEDE (US)
===== Version 1.106 (IGTF 1.116) ===========
Built 25 APR 2022
* Updated intermediate CERN Grid CA ICA with extended validity (CERN)
===== Version 1.105 (IGTF 1.115) ===========
Built 30 MAR 2022
* Removed obsolete CNRS2 CAs, superseded by AC-GRID-FR hierarchy (FR)
* Add supplementary BCDR download location for UGRID-G2 CRL (UA)
* Extended validity period of HPCI CA (JP)
===== Version 1.104 (IGTF 1.114) ===========
Built 19 JAN 2022
* Extended validity for SlovakGrid issuing CA (SK)
* SOFTWARE-4965: Completely remove expired Let's Encrypt ROOT CA X3
* SOFTWARE-4965: Completely remove expired Let's Encrypt ROOT CA X4
===== Version 1.100 (IGTF 1.113) ===========
Built 4 OCT 2021
* Suspended MD-GRID CA due to network resolution issues (MD)
===== Version 1.99 (IGTF 1.112) ===========
Built 29 SEP 2021
* Remove expiring Let's Encrypt "DST Root X3 CA"
===== Version 1.98 (IGTF 1.112) ===========
Built 13 AUG 2021
* Updated ANSPGrid CA with extended validity date (BR)
===== Version 1.97 (IGTF 1.111) ===========
Built 24 MAY 2021
* Removed discontinued NERSC-SLCS CA (US)
* Removed discontinued MYIFAM CA (MY)
===== Version 1.96 (IGTF 1.110) ===========
Built 10 MAY 2021
* Add missing ISRG Root X1 to the DST Root CA X3 signing policy
===== Version 1.95 (IGTF 1.110) ===========
Built 22 MAR 2021
* Removed INFN-CA-2015 that has disappeared operationally (IT)
===== Version 1.94 (IGTF 1.109) ===========
Built 27 JAN 2021
* Bundle letsencrypt-certificates/lets-encrypt-r{3,4}.pem
===== Version 1.93-2 (IGTF 1.109) ===========
Built 27 JAN 2021
* Rebuild with letsencrypt-certificates v0.3.1
===== Version 1.93 (IGTF 1.109) ===========
Built 26 JAN 2021
* Add DST Root CA X3 Let's Encrypt root cert
===== Version 1.92 (IGTF 1.109) ===========
Built 19 JAN 2021
* Removed discontinued DM private IGTF classic CAs (AE)
* Removed obsolete QuoVadis-Root-CA1, under which no ICAs are left (BM)
* Updated QV Grid ICA G2 intermediary following its re-issuance (BM)
===== Version 1.91 (IGTF 1.108) ===========
Built 14 DEC 2020
* Added DigitalTrust classic IGTF specific and public trust IGTF CAs (AE)
* Updated PCS MyProxy SLCS CRL URL location (US)
===== Version 1.90 (IGTF 1.107) ===========
Built 9 DEC 2020
* Add new Let's Encrypt intermediate certificates
===== Version 1.89 (IGTF 1.107) ===========
Built 10 AUG 2020
* retired DarkMatterSecureCA and DarkMatterAssuredCA (AE)
* removed superseded PolishGrid CA (PL)
* Added TCS G4 ECC trust anchors to accredited set (EU)
===== Version 1.88 (IGTF 1.106) ===========
Built 4 MAY 2020
* Removed expiring AddTrust External CA Root (US)
* Updated legacy DutchGrid (Nikhef MS) Root CA (NL)
* Removed discontinued NCSA-tfca-2013 CA (US)
* Added TCS G4 ECC trust anchors to experimental area (EU)
===== Version 1.87 (IGTF 1.105) ===========
Built 31 MAR 2020
* Discontinued CERN-LCG-IOTA-CA following decommissioning by authority (CERN)
* Added new G4 intermediates for the GEANT TCS service and supporting
self-signed USERTrust RSA Root (EU)
* Updated AddTrust External CA Root signing policy to support legacy UTN
chains for GEANT TCS G4 (EU)
===== Version 1.86 (IGTF 1.104) ===========
Built 29 JAN 2020
* Reinstated AddTrust External CA Root (US)
===== Version 1.85 ===========
Built 27 JAN 2020
* Updated contact addresses for DigiCert (US)
* Regrafted InCommon IGTF Server CA onto self-signed Comodo RSA CA (US)
* Discontinued superfluous AddTrust External CA Root (US)
* Discontinued AustrianGrid CA (AT)
===== Version 1.84 ===========
Built 22 OCT 2019
* Added CESNET-CA-4 ICA accredited classic CA for issuer roll-over (CZ)
===== Version 1.83 ===========
Built 24 JUNE 2019
* added new trust anchor for PolishGrid (2019) for key roll-over (PL)
* withdrawn discontinued CILogon OSG CA (US)
===== Version 1.82 ===========
Built 28 MAY 2019
* withdrawn superseded HKU CA (HK)
* withdrawn discontinued CyGrid CA following migration to TCS (CY)
===== Version 1.81 ===========
Built 29 APR 2019
* withdrawn superseded IRAN-GRID authority (IR)
===== Version 1.80 ===========
Built 26 MAR 2019
* temporarily withdrawn EG-GRID 4a96b1ea for network availability reasons (EG)
===== Version 1.79 ===========
Built 27 FEB 2019
* withdrawn superseded QuoVadis-Grid-ICA (1st gen) CA (BM)
* added new trust anchor MD-Grid-CA-T for rollover of existing CA (MD)
* discontinued expiring 2009 series MD-Grid-CA (MD)
===== Version 1.78 ===========
Built 08 JAN 2019
IGTF 1.95 release
* Updated namespaces and signing_policy files for CILogon Silver CA to permit DNs without "/C=US" (US)
===== Version 1.77 ===========
Built 06 NOV 2018
* Included MD5 checksum again
===== Version 1.76 ===========
Built 30 OCT 2018
IGTF 1.94 release
* extended validity period for the ArmeSFo CA (AM)
* withdrawn expiring DFN-SLCS CA (DE)
====== Version 1.75 ===========
Built 24 SEPT 2018
IGTF 1.93 release
* Updated contact information for HellasGrid-CA (GR)
* Removed superseded IGCA CA (IN)
====== Version 1.74 ===========
Built 28 JUNE 2018
IGTF 1.92 release
* Added HKU CA 2 trust anchor during transitioning period (HK)
====== Version 1.73 ===========
Built 15 MAY 2018
IGTF 1.91 release
* Updated MREN CA with extended validity period (ME)
====== Version 1.72 ===========
Built 7 MAY 2018
* Added root certificate and intermediate certificates for Let's Encrypt CA
====== Version 1.71 ===========
Built 4 MAY 2018
* Added new LetsEncrypt CA
====== Version 1.70 ===========
Built 27 MAR 2018
IGTF 1.90 release
* Added new Grid-FR hierarchy for Renater (AC-GRID-FR series) (FR)
* Added new GARUDAINDIA2 root for key roll-over IGCA (IN)
* Updated contact metadata for UNAM trust anchors (MX)
====== Version 1.69 ===========
Built 16 JAN 2018
IGTF 1.89 release
* Discontinued expiring UGRID (2008) root CA (UA)
====== Version 1.68 ===========
Built 27 NOV 2017
IGTF 1.88 release
* updated UKeScience 2B ICA based on a SHA-2 family digest (UK)
* added new PKIUNAMgrid (2017) trust anchor for roll-over (MX)
====== Version 1.67 ===========
Built 30 OCT 2017
IGTF 1.87 release
* added new accredited classic DarkMatter Private Root G4 and ICA (AE)
* updated PK-Grid-2007 trust anchor with extended validity period (PK)
* extended validity period for UNAMgrid-ca trust anchor (MX)
====== Version 1.66 ===========
Built 9 OCT 2017
IGTF 1.86 release
* updated MaGrid CA with extended validity period (MA)
* removed discontinued pkIRISGrid CA (ES)
* discontinued depricated yum v2 and rpm-apt package management support
(only affects yum installs on RHEL/CentOS 2&3, Fedora Core 1-3, and bespoke
support for installing RPM packages using APT for pre-2006 RedHat systems)
====== Version 1.65 ===========
Built 2 AUG 2017
IGTF 1.85 release
* Updated URL domain information for CyGrid (CY)
====== Version 1.64 ===========
Built 5 July 2017
IGTF 1.84 release
* Updated ROSA root certificate with extended 20yr valitity (RO)
* Updated contact details for CyGrid CA following transition to CYNET (CY)
* Removed obsoleted KISTI-2007 trust anchor - replaced by KISTIv3 (KR)
* Removed expiring LACGrid trust anchor a9082267 (BR)
* Added UK Pathfinder AAAI CA 1 to unaccredited (misc) area (UK)
====== Version 1.63 ===========
IGTF 1.83 release
* Added new trust anchor for accredited KISTI CA v3 (KR)
* Removed obsolete GEANT TCS G1 and G2 (old Comodo-backed) trust anchors:
UTN-USERFirst-Hardware TERENA-eScience-SSL-CA AAACertificateServices
UTNAAAClient TERENAeSciencePersonalCA UTN-USERTrust-RSA-CA
TERENA-eScience-SSL-CA-2 TERENAeSciencePersonalCA2 (EU)
====== Version 1.62 ===========
IGTF 1.82 release
* Added new G2 UGrid trust anchor (UA)
* Extended validity for AEGIS CA (RS)
* Withdrawn discontinued FNAL KCA (US)
* Extended valitity for REUNA CA (CL)
====== Version 1.61 ===========
IGTF 1.81 release
* Added accredited DarkMatter classic QV-intermediate ICAs (AE)
including QuoVadis Root CA 2 G3 and Root CA 3 G3 higher level CAs (BM)
* Updated contact information for EUN EG-GRID CA (EG)
* Withdrawn classic UKeScienceCA-2A in advance of repurposing (UK)
====== Version 1.60 ===========
IGTF 1.80 release
* Discontinued BEGrid2008 (BELNET) classic authority (BE)
====== Version 1.59 ===========
IGTF 1.79 release
* Updated UNLPGrid CA with extended validity period (AR)
* Fix regular expressions in CILogon and NCSA CA namespaces files (US)
* Included rollover CA IRAN-GRID-CGC-G2 (IR)
* Corrected an incorrect line in selected info files for DigiCert (US)
* Discontinued expiring NECTEC CA (TH)
====== Version 1.58 ===========
Built 10 OCT 2016
IGTF 1.78 release
* Updated namespaces and signing_policy files for CILogon Basic CA to
permit DNs without "/C=US" (US)
* Added G2 series (sha-2) QuoVadis Root 2 and Grid ICA G2 (BM)
* Removed discontinued UniandesCA (CO)
* Removed superseded INFN-CA-2006 CA (IT)
* Updated Debian packaging to support APT security improvements
====== Version 1.57 ===========
Built 29 JULY 2016
* Added accredited RCauth.eu IOTA CA and associated root (EU)
* Added DutchGrid Root G1 (NL)
====== Version 1.56 ===========
Built 5 JULY 2016
IGTF 1.75 release
* Discontinued expired UFF BrGrid CA (BR)
* Discontinued expired HellasGrid-2006 and associated Root (GR)
====== Version 1.55 ===========
Built 19 MAY 2016
IGTF 1.74 release
* Removed superseded NorduGrid (2006) CA (DK)
* Added HellasGrid 2016 CA (GR)
====== Version 1.54 ===========
Built 31 MAR 2016
IGTF 1.73 release
* Updated key pair for SDG CA G2 (CN)
* Revised URL to point to http endpoint for CERN IOTA ICA CRL (CERN)
* Added date field to Debain Release file to work around APT bug 809329
* Added an InRelease file for changing Debian packaging
* Added experimental DCA Root G1 and RCauth.eu Pilot ICA G1 (NL, EU)
====== Version 1.53 ===========
Built 1 MAR 2016
IGTF 1.72 release
* Added roll-over subordinate for the SDG CA G2 (CN)
* Added CERN LCG IOTA CA (CERN)
* Updated PSC MyProxy CA with extended validity (US)
====== Version 1.52 ===========
Built 26 JAN 2016
IGTF 1.71 release
* Added accredited classic KENET ICA and associated Root (KE)
* Added roll-over subordinate for the SDG CA G2 (CN)
* Removed expiring SDG CA (CN)
* Updated CyGrid Root CA with extended validity period (CY)
* Updated BG-ACAD-CA with extended validity period (BG)
====== Version 1.51 ===========
Built 30 NOV 2015
IGTF 1.70 release
* Updated CRL URL hosted by KIT for ArmeSFO (AM)
* Added NorduGrid 2015 trust anchor (DK,NO,SE,FI,IS)
* Discontinued superseded DigiCertGridCA-1G2-Classic (US)
====== Version 1.50 ===========
Built 26 OCT 2015
IGTF 1.69 release
* Added new INFN "2015" CA as roll-over of the 2006 instance (IT)
* Added new CILogon OSG CA (US)
* Discontinued BalticGrid CA (EE)
====== Version 1.49 ============
Built 6 OCT 2015
IGTF 1.68 release
* Discontinued CALG CA (LV)
* Added experimental KENET CAs (KE)
====== Version 1.48 ============
Built 3 SEPT 2015
IGTF 1.67 release
* IGTF release jump, skipping 1.66
* Discontinued NCSA-mics CA (US)
* Withdrawn G2 root for IPM CA (IR)
====== Version 1.47 ============
Built 30 Jun 2015
IGTF 1.65 release
* Discontinued NAREGI CA (JP)
* Added addition G2 root for IPM CA (IR)
* Added new subjectdn attribute to the trust anchor and profile meta-data
files to aid monitoring and authentication-profile based access control
mechanism use cases. See http://wiki.eugridpma.org/Main/IGTFInfoFile (ALL)
====== Version 1.46 =============
Built 1 Jun 2015
IGTF 1.64 release
* Extended validity period of the BalticGrid CA (EE,LT,LV)
* Removed obsolete NICS-MyProxy CA (US)
* Added revised DigiCertGridCA-1G2-Classic-2015 Classic CA (US)
* Updated CRL URL information for TCS G3 by preferring secondary URI (EU)
* Updated RDIG CA with extended validity self-signed root (RU)
* Removed obsolete NCSA-slcs CA, replaced by NCSA-slcs-2013 (US)
====== Version 1.45 =============
Built 6 Apr 2015
IGTF 1.63 release
* Removed obsoleted and replaced NIIF CA (HU)
* Extended validity period of the KEK CA (JP)
* Removed obsoleted d254cc30/CERN-Root 1d879c6c/CERN-TCA anchors (CERN)
* Updated RPDNC namespaces to permit DigiCert Grid Trust G2 ICAs for
DigiCert Assured ID Root CA (US)
* Updated RPDNC namespaces and signing_policy files for G2 series
DigiCert Grid CAs pending ICA reissuance for reverse RDN issue (US)
* Nomalised cond_subject syntax for multiple signing policy files
cilogon-basic cilogon-silver InCommon-IGTF-Server-CA NCSA-slcs-2013
NCSA-tfca-2013 Comodo-RSA-CA
====== Version 1.44 =============
Built 23 Feb 2015
IGTF 1.62 release
* Added Root CA 2 for NIIF (HU)
* Extended validity period for pkIRISgrid CA (ES)
* Updated DigiCert root CA meta-data in preparation for TCS (US)
* Included GEANT TCS CA G3 trust anchors (EU)
* Temporarily suspended HIAST/74c6eaeb for operational reasons (SY)
* Discontinued ULAGrid-CA-2008 CA (VE)
* Discontinued NCHC CA (TW)
====== Version 1.43 =============
Built 3 Dec 2014
IGTF 1.61 release
* Added new IPv6-capable crl_url entries for NCSA and CILogon CAs (US)
* Added accredited TSU (Georgia) CA (GE)
* Extended life time and updated digest function of AustrianGrid CA (AT)
====== Version 1.42 =============
Built 30 Oct 2014
IGTF 1.60 release
* Added new SHA-2 hierarchies for TERENA Certificate Service (ed. 2009) (EU)
====== Version 1.41 =============
Built 1 Oct 2014
IGTF 1.59 release
* Added accredited mics HPCI CA (JP)
* Updated crl_url for NCSA-slcs-2013 and NCSA-tfca-2013 (US)
* Renamed QuoVadis classic grid issuing CA to QuoVadis-Grid-ICA (CH, BM)
====== Version 1.40 =============
Built 30 Jun 2014
* OSG is including IGTF iota profiles starting from this release
IGTF 1.58 release
* Added accredited classic InCommon Server IGTF SSL CA and intermediate
Comodo RSA CA (SHA-2) (US)
* Extended permitted namespaces for AddTrust-External-CA-Root (EU, US)
* Updated CILogon Basic CA from experimental to accredited:iota (US)
* Updated certificate URL for IHEP-CA-2013 39d30eba (CN)
* Discontinued expiring SEE-GRID '2004' CA - since replaced by
new SEEGRID-CA-2013 (GR)
* Discontinued retired PRAGMA-UCSD CA (US)
====== Version 1.39 =============
Built 3 Jun 2014
IGTF 1.57 release
* Discontinued obsoleted IHEP (2009) CA ba2f39ca (CN)
* Removed discontinued NCSA Two Factor CA following migration
to NCSA Two Factor CA 2013 (US)
====== Version 1.38 =============
Built 3 Apr 2013
IGTF 1.56 release
* Removed discontinued SWITCHslcs2011 and associated Root (CH)
* Removed discontinued APAC CA (AU)
* Removed discontinued DoEGrids CA and ESnet root (US)
* Add reference to CA website for AustrianGrid CA (AT)
* Add new subordinates for DigiCert: 1cdf1cd9/DigiCertGridCA-1G2-Classic
and 5d9ea26d/DigiCertGridTrustCAG2-Classic (US)
* Add meta-package for the IOTA-accredited CAs. Please note that there
are no IOTA accredited CAs as this point in time. For specifications see
https://www.eugridpma.org/guidelines/IOTA/
* Debian packaging dependencies in meta-packages now correctly use all-
lower-case package names throughout
Changes from OSG
* Removed PurdueCA and PurdueTeragridRA since they have been decommissioned.
====== Version 1.37 =============
Built 27 Jan 2014
* Renamed 772dbd1.* to da213f5b.* to fix error in IGTF 1.55 old-format release.
New format release is unchanged.
====== Version 1.36 =============
Built 3 Dec 2013
IGTF 1.55 release
* New root certificate with extended life time for NorduGrid CA 1f0e8352 (DK)
* Updated contact metadata for all RENATER Grid-FR related CAs (FR)
* Updated CRL URL and metadata for IHEP 2013 CA 39d30eba (CN)
* New root certificates for NCSA CA re-key: MyProxy CA 2013 c36f6349/7aa2b7bd
and Two Factor CA 2013 ca157cee/48c8f10a (US)
* New root certificate for EGI catch-all CA "SEEGRID-CA-2013" 772dbd1c (GR)
* Removed AIST Grid CA (JP)
* Discontinued IUCC CA (6fee79b0) following migration to TCS (IL)
* Suspended JUnet-CA (b3222f9e) (JO)
* Removed expired unaccredited CAs (misc)
* Added unaccredited worthless NL e-Infra Zero tutorial CA 338a3561 (NL)
====== Version 1.35 =============
Built 1 Jul 2013
IGTF 1.54 release
* Extended life time of Grid-KA CA (dd4b34ea) (DE)
* Added new CERN hierarchy for CERN IT/IS CA (SHA2 migration) (CH)
* Updated metadata for GridGermany DFN-CERT CAs (DE)
* Updated contact metadata for KEK (JP)
* Updated contact metadata for HKU (HK)
* Updated contact metadata for AIST (JP)
====== Version 1.34 =============
Built 11 Jun 2013
IGTF 1.53 release
* Added new root cert for IHEP CA (2013) (CN)
* Removed retired NCSA GridShib CA (e8ac4b61) (US)
* Removed backup crl_url locations for CILogon CAs
due to future crl.doegrids.org shutdown. (US)
* Removed retired TACC CAs (2ac09305, 684261aa, e5cc84c2) (US)
* Updated NERSC CA (b93d6240) to extend validity and change to
self-signed rather than subordinate to ESnet (US)
====== Version 1.33 =============
Built 28 Jan 2013
IGTF 1.52 release
* Extended validity of ArmeSFo Root CA (d0c2a341) (AM)
* Obsoleted UKeScienceCA-2007 and updated Root CRL URL and metadata (UK)
* removed expiring and unaccredited 'convenience' CAs from the
distribution (Thawte, ZA, TERENA SCS, BE)
===== Version 1.32 =============
Built 3 Dec 2012
IGTF 1.51 release
* Due to the unfortunate closure of Grid-Ireland, the Grid-Ireland CA
(1e43b9cc) has been discontinued (IE)
* extended expiry date for CyGrid CA (afe55e66) (CY)
====== Version 1.31 =============
Built 2 Oct 2012
IGTF 1.49 release
* Added ANSPGrid (126f0acf) classic CA (BR)
* Extended root cert validity for CA ce33db76 to 20yr (IR)
IGTF 1.50 release
* Added accredited classic EG-GRID CA (EG)
* Extended life time of UKeScience (2007) issuing CA (UK)
====== Version 1.29 =============
Built 11 Jun 2012
IGTF 1.48
• Extended life time of DFN GridGermany Root (1149214e) and CDPs (DE)
====== Version 1.28 =============
Built 03 May 2012
IGTF 1.47 release
Changes from IGTF
* Updates CA URL metadata and CRL for pkIRISGrid CA (ES)
* Added accredited classic MYIFAM CA (MY)
====== Version 1.27 =============
Built 5 Apr 2012
IGTF 1.46 release
Changes from IGTF
* Added accredited NCSA 2-factor SLCS CA (US)
* Removed discontinued CESNET (9b59ecad) CA (CZ)
====== Version 1.26 =============
Built 10 Feb 2012
IGTF 1.44 release
Changes from IGTF
* Added accredited classic DigiCert CA chains (US)
* Extended life time of UGRID root cert (UA)
====== Version 1.25 =============
Built 12 Dec 2011
IGTF 1.43 release
Changes from IGTF
* Added new SWITCHslcs 2011 CA, replacing SWITCHslcs 2009 (CH)
* Updated contact information for SWITCH CAs (CH)
* Added new accredited classic JUnet CA (JO)
* Added additional CRL URL for DOEGrids CA in certificate and meta data (US)
* Added additional CRL URL for ESnet Root CA in meta data (US)
* Updated institute information for KIT in signing_policy file (DE)
* Updated enrolment URLs for Grid-FR CA (FR)
====== Version 1.24 =============
Built 11 Oct 2011
IGTF 1.42 release
Changes from IGTF
Corrected signing_policy file for UKeScience CA 2B (UK)
====== Version 1.23 =============
Built 27 Sept 2011
IGTF 1.41 release
Changes from IGTF
* Added accredited PSC MyProxy SLCS CA (US)
* Updated CRL URL for LIPCA (PT)
* Extended life time of SlovakGrid CA root (SK)
* Added accredited DZ-eScience CA (DZ)
* Added accredited NICS SLCS MyProxy CA (US)
* Added new UK eScience issuing CAs 2A and 2B to allowed namespaces and
removed superfluous signing policy entries (UK)
* Normalised the certificate files (.0) for selected CAs in the 'old' format
distribution. This does not affect the 'new' OpenSSL v1+ compatible release.
Affected CAs are CESNET, NIKHEF, NIIF, DFN-GridGermany-Root, PSC-Myproxy-CA,
and NERSC-SLCS. Old and new format files are now identical.
* The "worthless" area, containing some files that are distributed merely
for convenience for selected specific purposes, has been re-named to
"unaccredited". Files contained in this directory must be treated with
utmost care, and their inclusion in the distribution does not constitute
any form of endorsement by the IGTF of these files or their content.
* Added unaccredited InCommon Server CA to convenience directory (US)
====== Version 1.22 =============
Built 8 Sept 2011
IGTF 1.40 release
Changes from OSG
Old format and new format now have same md5sum
====== Version 1.21 =============
Built 15 Aug 2011
IGTF 1.40 release
Changes from OSG
* Syrian CA removed because CRL has never been distributed. OSG ticket #10840. Will consider restoring in the next IGTF release
====== Version 1.20 =============
Built 25 July 2011
IGTF 1.40 release
Changes from IGTF
* Corrected fingerprint meta-data for UniAndes CA (CO)
* Change of contact address for NAREGI CA (JP)
* Change of contact address for GermanGrid CA (DE)
* Added accredited classic HIAST CA (SY)
* Added accredited classic Uni Andes CA (CO)
* Extended life time of root certificate for SiGNET-CA (SI)
* Extended life time of root certificate for Grid-Ireland (IE)
* New issuing certificates (2A, 2B) for UKeScience (GB)
* Updated extensions for DOEGrids-CA-1 issuing CA (US)
This is the first production built for new caches establised by GOC for Security team to aid transition of OSG production to new CA format
NOTE: Versions 1.18 and 1.19 were only used for ITB testing
===== Version 1.17 ==============
Built 7 Feb 2011
IGTF 1.38 - current hash format (openssl 0.9x)
Changes from by IGTF
* Updated meta-data info file for SRCE (HR)
* Updated KEK CA root (617ff41b) with extended life time (JP)
* Updated contact email address for ArmeSFo (AM)
* Extended allowed namespace and new URL for SEE-GRID CA as EGI catch-all (EU)
* Extended allowed namespace for NAREGI CA (JP)
* Added accredited CILogin MICS CA (US)
* Extended life time for NCSA CACL (MICS) CA (US)
* Extended life time for NCSA MyProxy (SLCS) CA (US)
* Extended life time for NorduGrid CA (DK,NO,SE,FI,SI)
* Corrected namespaces file for TCS eScience Personal (EU)
Additional OSG Changes:
None
===== Version 1.16 =================
Built 28 Sep 2010
IGTF 1.37 - current hash format (openssl 0.9x)
Added in 1.16 relative to 1.15a
20ce830e - TERENA-eScience-SSL-CA
3c58f906 - AddTrust-External-CA-Root
ff783690 - UTN-USERFirst-Hardware
Removed in 1.16 relative to 1.15a
d1737728 - NGO-Netrust
Updated relative to 1.15a:
Minor changes in some metadata files.
===== Version 1.15a =================
Built 29 Jun 2010
IGTF 1.36 - current hash format (openssl 0.9x)
Updated relative to 1.13:
8a661490 root certificate for PLGrid with corrected SAN extension (PL)
ff94d436 root certificate for SRCE with new extensions and life time (HR)
1f3834d0 root certificate for ROSA with new AKI extension and serial (RO)
Removed relative to 1.13:
e1fce4e9 FNAL_KCA obsolete CA from experimental area (US)
Updated format of INDEX.txt and INDEX.html files to be consistent
with the format with the new IGTF layout coming in a future release.
===== Version 1.15 ==================
Released 25 June 2010 and removed immediately due to manifest file
pointing to wrong location for tar file.
===== Version 1.14x =================
Not released on production OSG
IGTF 1.35 - new hash format
===== Version 1.13 =================
Released 18 Feb 2010
IGTF 1.34 - current hash format
Updated
edca0fc0 CESNET-CA-Root to fix a broken signing_policy file
===== Version 1.12 ==================
Released 15 Feb 2010
IGTF 1.33 - current hash format
Removed
12a1d8c2 CNRS-Grid-FR
34a509c3 CNRS-Projets
cf4ba8c8 CNRS
Added
169d7f9c TERENAeSciencePersonalCA
712ae4cc CESNET-CA-3
75680d2e AAACertificateServices
9ec3a561 UTNAAAClient
edca0fc0 CESNET-CA-Root
Updated
1e12d831 APAC ... 1 file changed
295adc19 REUNA-ca ... 1 file changed
6e3b436b AustrianGrid ... 2 files changed
8a661490 PolishGrid ... 2 files changed
e8d818e6 BEGrid2008 ... 1 file changed
===== Version 1.11 ===================
Released 29-Jan-2010
Continue with IGTF 1.32:
* Added a Debian package to the distribution similar to the rpm/yum packaging.
See https://twiki.grid.iu.edu/bin/view/Security/CADistribution#References
for information regarding the apt repository.
* Signed the distribution with a new OSG Security Team PGP key, id 7FD42669.
You can pick up the new PGP key from
https://twiki.grid.iu.edu/bin/view/Security/SecurityTeamMembers
===== Version 1.10 ===================
Released 27-Oct-2009
Updated to IGTF 1.32:
* Updated country TLD in URLs and email for AEGIS CA (RS)
* Updated contact information for CALC CA (LV)
* Extended life time and updated profile or TR-Grid CA cert and CRL URL (TR)
* Updated and added references to CP and CPS documents for the following
authorities: HellasGrid (GR), ROSA (RO), DutchGrid (NL), IRAN-GRID (IR),
and BYGCA (BY)
* Withdrawn obsolete CAs SWITCH-Personal-2007, SwissSign-Root, SWITCH,
SwissSign-Bronze, SwissSign-Silver, SWITCH-Server-2007 (CH)
* Withdrawn expired and discontinued CA RMKI (HU)
===== Version 1.9 ====================
Released 28-Jul-2009
Updated to IGTF 1.31:
* Removed expired root certificate for BEGrid (03aa0ecb) (BE)
* Removed expired and discontinued User and Server issuing CAs
for DFN (fe102e03 and 34f8e29c) (DE)
===== Version 1.8 ====================
Released 1-Jul-2009
Removed obsolete expiring CAs:
* DFN-Verein User CA Grid - G01, hash 34f8e29c
* DFN-Verein Server CA Grid - G01, hash fe102e03
===== Version 1.7 ====================
Released 3-Jun-2009
Updated to IGTF 1.30:
* Updated contact meta-data for BYGCA, hash 709bed08 (BY)
* Updated URLs for DFN Grid PKI public web pages (DE)
* Added accredited NCSA GridShib SLCS CA (US)
* Added accredited DFN SLCS CA (DE)
* Added accredited TACC MICS CA (US)
* Added accredited SWITCH (QuoVadis anchored) CAs (CH)
* Added accredited FNAL-SLCS CA (US)
===== Version 1.6 ====================
Released 5-May-2009
Updated to IGTF 1.29:
* Restored NGO-Netrust CA with hash d1737728 (SG)
* Updated AIST Grid (CRL) URL metadata (JP)
* Added accredited MD-Grid CA with hash 9ff26ea4 (MD)
* Added accredited HKU Grid CA with hash 4798da47 (HK)
* Updated signing policy file of APAC Grid CA (AU)
* Added accredited classic BYGCA (Belarus) with hash 709bed08 (BY)
* Updated namespace for the APAC CA (AU, NZ)
===== Version 1.5 ====================
Released 10-Mar-2009
Updated to IGTF 1.28:
* Added accredited classic ULAGrid CA (VE)
* Added accredited TACC Root and TACC Classic CAs (US)
* Updated NERSC CRL URL download location (US)
* Updated DOEGrids CRL URL download location (US)
* Extended life time of NorduGrid CA (1f0e8352) (DK,SE,NO,FI,IS)
* Added SigmaNet CALG CA (LV)
* Updated AEGIS CA root certificate to reflect TLD name change (RS)
* Added CRL for SWITCH-SLCS issuing CA (304cf809) (CH)
Removed unaccredited CAs:
* PSC Kerberos CA (290a3b29)
* PSC Root CA (9b88e95b)
* PSC Hosts CA (acc06fda)
* SDSC (3deda549)
* NPACI (b89793e4)
* TACC (9a1da9f9)
* old NCSA CA (4a6cd8b1)
===== Version 1.4 ====================
Released 3-Feb-2009
Updated to IGTF 1.27
* Corrected signing namespace for BEGrid2008 CA (e8d818e6)
* Added NERSC SLCS CA (b93d6240)
* ASGCCA-2007 changed signature algorithm from MD5 to SHA1 (9cd75e87)
* Added new CNRS2 hierarchy: CNRS2 (163af95c) -> CNRS2-Projets
(09ff08b7) -> CNRS2-Grid-FR (d11f973e)
* Updated IUCC root certificate (6fee79b0)
* Removed EstonianGrid CA (566bf40f)
===== Version 1.3 ====================
Released 15-Dec-2008
Updated to IGTF 1.26
* Added accredited classic Indian Grid CA (da75f6a8)
* Updated IUCC root certificate with extended life time (6fee79b0)
* Updated BEGrid and UCSD-PRAGMA URL metadata
* New BEGrid2008 root certificate (e8d818e6)
* Extended life time of the SEE-GRID CA (468d15b3)
* Included CRL for NCSA SLCS CA (f2e89fe3)
* Temporally suspended NGO-Netrust CA (d1737728)
===== Version 1.2 ====================
Released 9-Dec-2008
- Removed expired PK-Grid certificate (d2a353a5),
superseded by PK-Grid-2007 CA (f5ead794)
===== Version 1.1 ====================
Released 29-Sep-2008
- based on IGTF 1.25
- added Taiwan NCHC
===== Initial version: 1.0 =====
NOTE: This initial GOC hosted release is based on the VDT v39 CA
Certificate distribution, with the following changes.
Please note that the VDT and OSG GOC certificates are now
independently distributed and versioned.
Released on 3-Sep-2008
- Updated to new Fermilab KCA CA certificate (e1fce4e9.0)
- Removed doegrids/grid-cert-request and associated files