This page contains policy and configuration information for NCSA Certificate Authorities.
For information on obtaining IGTF server certificates for use with XSEDE, please see:
For information on obtaining server certificates for NCSA hosts, please see:
For questions about the NCSA CA contact help+ca@ncsa.illinois.edu.
For NCSA CA status, see: NCSA Status
The NCSA CA is operated by:
National Center for Supercomputing Applications
1205 West Clark Street, Urbana IL 61801 USA
The NCSA Certificate Authorities are primarily for grid computing. They are not by default trusted by web browsers and email clients.
To obtain certificates that are by default trusted by web browsers, so your web site visitors will not need to manually trust the NCSA CAs, see NCSA Certificate Requests.
The NCSA CA Certificates are available below and also from:
NCSA currently operates the following Certificate Authorities:
- C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=MyProxy CA 2013
- Certificate Policy: 1.9 changelog
- Policy OID: 1.3.6.1.4.1.4670.100.2.9
- CA Certificate: PEM DER
- Signing Policy
- CRL: PEM DER
- Validity: Oct 1 2013 to Oct 1 2033
- CA Hash: c36f6349 (OpenSSL 0.9) / 7aa2b7bd (OpenSSL 1.0)
- This CA replaced the CN=MyProxy CA.
- example user certificate
- CILogon Basic CA: https://ca.cilogon.org/policy/basic
- CILogon Silver CA: https://ca.cilogon.org/policy/silver
- CILogon OpenID CA: https://ca.cilogon.org/policy/openid
The following NCSA CAs are now retired:
- C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=Two Factor CA 2013
- This CA ceased operation in April 2020.
- Certificate Policy: 1.9 changelog
- Policy OID: 1.3.6.1.4.1.4670.100.4.9
- CA Certificate: PEM DER
- Signing Policy
- CRL: PEM DER
- Validity: Oct 1 2013 to Oct 1 2033
- CA Hash: ca157cee (OpenSSL 0.9) / 48c8f10a (OpenSSL 1.0)
- This CA replaced the CN=NCSA Two Factor CA.
- example user certificate
- C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=CACL
- This CA is retired. Visit https://www.xsede.org/security/certificates for information on obtaining new server certificates and https://www.xsede.org/accessing-resources for information on using certificates to access XSEDE.
- Certificate Policy: 1.9 1.7 1.6 1.5 1.4 1.1
- Policy OID: 1.3.6.1.4.1.4670.100.1.9
- CA Certificate: PEM DER
- Signing Policy
- Validity: Apr 24 2007 to Apr 24 2027
- CA Hash: 9b95bbf2 (OpenSSL 0.9) / 5bb7d63e (OpenSSL 1.0)
- This CA is a Member Integrated Credential Service (MICS) accredited by The Americas Grid Policy Management Authority (TAGPMA), a member of the International Grid Trust Federation (IGTF).
- ncsa-cert-request script
- example host and user certificates
- C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=MyProxy
- This CA was replaced by MyProxy CA 2013.
- Certificate Policy: 1.6 1.5 1.4 1.3 1.2 1.1
- Policy OID: 1.3.6.1.4.1.4670.100.2.6
- CA Certificate: PEM DER
- Signing Policy
- Validity: Apr 24 2007 to Apr 24 2027
- CA Hash: f2e89fe3 (OpenSSL 0.9) / d492aff2 (OpenSSL 1.0)
- This CA is a Short Lived Credential Service (SLCS) accredited by The Americas Grid Policy Management Authority (TAGPMA), a member of the International Grid Trust Federation (IGTF).
- example user certificate
- C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=Two Factor CA
- Certificate Policy: 1.8 (Note: Material changes from prior NCSA Certificate Policies are marked in green.)
- Policy OID: 1.3.6.1.4.1.4670.100.4.8
- CA Certificate: PEM DER
- Signing Policy
- CA Hash: 679cff61 (OpenSSL 0.9) / 9c3efee6 (OpenSSL 1.0)
- This CA was a Short Lived Credential Service (SLCS) accredited by The Americas Grid Policy Management Authority (TAGPMA), a member of the International Grid Trust Federation (IGTF).
- C=US, O=National Center for Supercomputing Applications, OU=Certificate Authorities, CN=GridShib CA
- This CA ceased issuing certificates on Mar 7 2013. All issued certificates have now expired.
- Certificate Policy (1.6 1.5 1.4)
- Policy OID: 1.3.6.1.4.1.4670.100.3.6
- CA Certificate: PEM DER
- Signing Policy
- CA Hash: e8ac4b61 (OpenSSL 0.9) / d87163a8 (OpenSSL 1.0)
- This CA was a Short Lived Credential Service (SLCS) accredited by The Americas Grid Policy Management Authority (TAGPMA), a member of the International Grid Trust Federation (IGTF).