Index of /distribution/igtf/current

Icon  Name                    Last modified      Size  Description
[DIR] Parent Directory - [TXT] CHANGES 28-Sep-2015 10:16 32K [   ] GPG-KEY-EUGridPMA-RPM-3 28-Sep-2015 10:16 889 [TXT] LICENSE 28-Sep-2015 10:16 2.0K [DIR] accredited/ 28-Sep-2015 10:16 - [DIR] apt/ 28-Sep-2015 10:15 - [DIR] dists/ 28-Sep-2015 10:13 - [DIR] experimental/ 28-Sep-2015 10:16 - [DIR] headers/ 28-Sep-2015 10:15 - [   ] igtf-policy-installa..> 28-Sep-2015 10:15 178K [TXT] igtf-policy-installa..> 28-Sep-2015 10:15 198 [DIR] repodata/ 28-Sep-2015 10:15 - [DIR] unaccredited/ 28-Sep-2015 10:16 - [TXT] version.txt 28-Sep-2015 10:16 21
IGTF Distribution of Authority Trust Anchors (PKI Certificate format)

This is version 1.68 of the distribution, built on Monday, 28 Sep, 2015

The distribution contains root certificates and related meta-information: 
Certificate Revocation List (CRL) locations, contact information, and signing
policies. This distribution is subject to the IGTF Federation Document 
and the appropriate charters and authentication profiles. 

Authorities can be accredited by the IGTF based on several Authentication
Profiles, each of which may represent a distinct assurance level. Not all
accredited authorities nor all profiles should be considered equivalent. 
Review the Authentication Policy guidance at first.

The IGTF itself does not provide identity assertions but instead 
asserts that - within the scope of its charter and subject to its policies
and practices - the certificates issued by the Accredited Authorities meet 
or exceed the relevant guidelines for the Authentication Profile under
which they have been accreditd.

PLEASE NOTE that this assertion extends only to accredited authorities,
i.e., those authorities of which the trust anchor is contained in the
"accredited/" subdirectory of this distribution! 

You can install the trust anchors in the following ways:
* install all packages from the "accredited/" directory tree for
  the RPM, tar.gz or Java Key Store format directories manually. 
  These correspond to all accredited CAs from all profiles.
* use a RPM package manament system like "yum" to install the 
  meta-RPM "ca_policy_igtf-PROFILE-1.68-1.noarch.rpm"
  where PROFILE is the name of the profile (e.g., classic, mics or slcs)
  You should install ALL policy bundles corresponding to the 
  authentication profiles you want to accept.
* use the "dists/" directory and containing DEB packages for Debian
  and derived operating systems (see also dists/README.txt)
* install all authorities with the installation tarball bundle
  "igtf-policy-installation-bundle-1.68.tar.gz", using the 
  "./configure --with-profile=NAME && make && make install" mechanism.
  This tarball can be found in the "accredited/" directory.
  The tar-ball containts a README.txt with detailed instructions.
  You can specify multiple "--with-profile" arguments to include
  more than CAs from one authentication profile.

Please make sure you validate the correctness of the trust anchors with the
TERENA Academic CA Repository ( where possible.

This distribution contains, for your convenience, also selected other CAs 
in the "unaccredited/" and "experimental/" directories. These are NOT 
part of the accredited trust fabric and you install these at your own risk.

Comments and suggestions for improvement of this distribution are welcome;
please send them to <>. For more information, see
the web site:

                                                   [this is release 1]