IGTF Distribution of Authority Trust Anchors (PKI Certificate format) ------------------------------------------------------------------------------ This is version 1.130 of the distribution, built on Saturday, 29 Jun, 2024 The distribution contains root certificates and related meta-information: Certificate Revocation List (CRL) locations, contact information, and signing policies. This distribution is subject to the IGTF Federation Document and the appropriate charters and authentication profiles. Authorities can be accredited by the IGTF based on several Authentication Profiles, each of which may represent a distinct assurance level. Not all accredited authorities nor all profiles should be considered equivalent. Review the Authentication Policy guidance at https://www.igtf.net/ first. The IGTF itself does not provide identity assertions but instead asserts that - within the scope of its charter and subject to its policies and practices - the certificates issued by the Accredited Authorities meet or exceed the relevant guidelines for the Authentication Profile under which they have been accreditd. PLEASE NOTE that this assertion extends only to accredited authorities, i.e., those authorities of which the trust anchor is contained in the "accredited/" subdirectory of this distribution! You can install the trust anchors in the following ways: * install all packages from the "accredited/" directory tree for the RPM, tar.gz or Java Key Store format directories manually. These correspond to all accredited CAs from all profiles. * use a RPM package manament system like "yum" to install the meta-RPM "ca_policy_igtf-PROFILE-1.130-1.noarch.rpm" where PROFILE is the name of the profile (e.g., classic, mics or slcs) You should install ALL policy bundles corresponding to the authentication profiles you want to accept. * use the "dists/" directory and containing DEB packages for Debian and derived operating systems (see also dists/README.txt) * install all authorities with the installation tarball bundle "igtf-policy-installation-bundle-1.130.tar.gz", using the "./configure --with-profile=NAME && make && make install" mechanism. This tarball can be found in the "accredited/" directory. The tar-ball containts a README.txt with detailed instructions. You can specify multiple "--with-profile" arguments to include more than CAs from one authentication profile. Please make sure you validate the correctness of the trust anchors with the TERENA Academic CA Repository (https://www.tacar.org/) where possible. This distribution contains, for your convenience, also selected other CAs in the "unaccredited/" and "experimental/" directories. These are NOT part of the accredited trust fabric and you install these at your own risk. Comments and suggestions for improvement of this distribution are welcome; please send them to . For more information, see the web site: http://www.igtf.net/ http://www.eugridpma.org/ http://www.apgridpma.org/ http://www.tagpma.org/ [this is release 1]