Index of /distribution/igtf/current
IGTF Distribution of Authority Trust Anchors (PKI Certificate format)
This is version 1.104 of the distribution, built on Wednesday, 29 Jan, 2020
*** THIS INTERMEDIATE RELEASE ADDRESSES TRANSITIONARY ISSUES
identified in relation to the regrafting of the InCommon IGTF Server CA,
by adding back the about-to-expire AddTrust External CA Root. Adding the
obsoleted AddTrust External CA Root back remediates compatibility issues
seen for older OpenSSL below 1.0.1 and JDK versions.
The distribution contains root certificates and related meta-information:
Certificate Revocation List (CRL) locations, contact information, and signing
policies. This distribution is subject to the IGTF Federation Document
and the appropriate charters and authentication profiles.
Authorities can be accredited by the IGTF based on several Authentication
Profiles, each of which may represent a distinct assurance level. Not all
accredited authorities nor all profiles should be considered equivalent.
Review the Authentication Policy guidance at https://www.igtf.net/ first.
The IGTF itself does not provide identity assertions but instead
asserts that - within the scope of its charter and subject to its policies
and practices - the certificates issued by the Accredited Authorities meet
or exceed the relevant guidelines for the Authentication Profile under
which they have been accreditd.
PLEASE NOTE that this assertion extends only to accredited authorities,
i.e., those authorities of which the trust anchor is contained in the
"accredited/" subdirectory of this distribution!
You can install the trust anchors in the following ways:
* install all packages from the "accredited/" directory tree for
the RPM, tar.gz or Java Key Store format directories manually.
These correspond to all accredited CAs from all profiles.
* use a RPM package manament system like "yum" to install the
where PROFILE is the name of the profile (e.g., classic, mics or slcs)
You should install ALL policy bundles corresponding to the
authentication profiles you want to accept.
* use the "dists/" directory and containing DEB packages for Debian
and derived operating systems (see also dists/README.txt)
* install all authorities with the installation tarball bundle
"igtf-policy-installation-bundle-1.104.tar.gz", using the
"./configure --with-profile=NAME && make && make install" mechanism.
This tarball can be found in the "accredited/" directory.
The tar-ball containts a README.txt with detailed instructions.
You can specify multiple "--with-profile" arguments to include
more than CAs from one authentication profile.
Please make sure you validate the correctness of the trust anchors with the
TERENA Academic CA Repository (https://www.tacar.org/) where possible.
This distribution contains, for your convenience, also selected other CAs
in the "unaccredited/" and "experimental/" directories. These are NOT
part of the accredited trust fabric and you install these at your own risk.
Comments and suggestions for improvement of this distribution are welcome;
please send them to <firstname.lastname@example.org>. For more information, see
the web site:
[this is release 1]