NCSA CyberSecurity

NCSA CA Information

This page contains policy and configuration information for NCSA Certificate Authorities.

For information on using certificates for access to XSEDE, please see:

• XSEDE: Accessing Resources

For questions about the NCSA CA contact security@ncsa.uiuc.edu or ca-admin@ncsa.uiuc.edu.

The NCSA CA is operated by:

National Center for Supercomputing Applications
1205 West Clark Street, Urbana IL 61801 USA

The NCSA Certificate Authorities are primarily for grid computing. They are not by default trusted by web browsers and email clients. Click here to install the NCSA CACL CA certificate in your browser.

To obtain certificates that are by default trusted by web browsers for University of Illinois web servers, so your web site visitors will not need to manually trust the NCSA CAs, visit http://go.illinois.edu/ssl or contact certmgr@illinois.edu.

The NCSA CA Certificates are available below and also from:

• XSEDE Approved CAs
• VDT CAs
• IGTF Distribution
• TERNA Academic CA Repository

NCSA currently operates the following Certificate Authorities:

• C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=CACL
  • Certificate Policy (1.7 1.6 1.5 1.4 1.1 changelog)
  • Policy OID: 1.3.6.1.4.1.4670.100.1.7
  • CA Certificate: PEM DER
  • Signing Policy
  • CRL: PEM DER
  • Validity: Apr 24 2007 to Apr 24 2027
  • CA Hash: 9b95bbf2 (OpenSSL 0.9) / 5bb7d63e (OpenSSL 1.0)
  • This CA is a Member Integrated Credential Service (MICS) accredited by The Americas Grid Policy Management Authority (TAGPMA), a member of the International Grid Trust Federation (IGTF).
  • ncsa-cert-request script
  • example host and user certificates
• C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=MyProxy
  • Certificate Policy (1.6 1.5 1.4 1.3 1.2 1.1 changelog)
  • Policy OID: 1.3.6.1.4.1.4670.100.2.6
  • CA Certificate: PEM DER
  • Signing Policy
  • CRL: PEM DER
  • Validity: Apr 24 2007 to Apr 24 2027
  • CA Hash: f2e89fe3 (OpenSSL 0.9) / d492aff2 (OpenSSL 1.0)
  • This CA is a Short Lived Credential Service (SLCS) accredited by The Americas Grid Policy Management Authority (TAGPMA), a member of the International Grid Trust Federation (IGTF).
  • example user certificate
• C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=Two Factor CA
  • Certificate Policy (1.8 changelog) (Note: Material changes from other NCSA Certificate Policies are marked in green.)
  • Policy OID: 1.3.6.1.4.1.4670.100.4.8
  • CA Certificate: PEM DER
  • Signing Policy
  • CRL: PEM DER
  • example user certificate
  • Validity: Feb 3 2012 to Feb 2 2032
  • CA Hash: 679cff61 (OpenSSL 0.9) / 9c3efee6 (OpenSSL 1.0)
  • This CA is a Short Lived Credential Service (SLCS) accredited by The Americas Grid Policy Management Authority (TAGPMA), a member of the International Grid Trust Federation (IGTF).

The following NCSA CAs are now retired:

• C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=GridShib CA
  • This CA ceased issuing certificates on Mar 7 2013. All issued certificates have now expired.
  • Certificate Policy (1.6 1.5 1.4 changelog)
  • Policy OID: 1.3.6.1.4.1.4670.100.3.6
  • CA Certificate: PEM DER
  • Signing Policy
  • CRL: PEM DER
  • example user certificate
  • Validity: Mar 12 2009 to Mar 11 2014
  • CA Hash: e8ac4b61 (OpenSSL 0.9) / d87163a8 (OpenSSL 1.0)
  • This CA is a Short Lived Credential Service (SLCS) accredited by The Americas Grid Policy Management Authority (TAGPMA), a member of the International Grid Trust Federation (IGTF).