/usr/share/igtf-policy/slcs/NERSC-SLCS.signing_policy is in igtf-policy-slcs 1.88-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 | # $Id: b93d6240.signing_policy,v 1.1 2009/01/10 01:15:56 pmacvsmh Exp $
# Based-on-Id: 1c3f2ca8.signing_policy,v 1.2 2003/05/27 16:29:35 helm Exp $
# ca-signing-policy.conf, see ca-signing-policy.doc for more information
#
# This is the configuration file describing the policy for what CAs are
# allowed to sign whoses certificates.
#
# This file is parsed from start to finish with a given CA and subject
# name.
# subject names may include the following wildcard characters:
# * Matches any number of characters.
# ? Matches any single character.
#
# CA names must be specified (no wildcards). Names containing whitespaces
# must be included in single quotes, e.g. 'Certification Authority'.
# Names must not contain new line symbols.
# The value of condition attribute is represented as a set of regular
# expressions. Each regular expression must be included in double quotes.
#
# This policy file dictates the following policy:
#
# The NERSC Online SLCS CA signs certificates in the NERSC domain
#
# Format:
#------------------------------------------------------------------------
# token type | def.authority | value
#--------------|---------------|-----------------------------------------
# EACL entry #1|
access_id_CA X509 '/DC=net/DC=ES/OU=Certificate Authorities/CN=NERSC Online CA'
pos_rights globus CA:sign
cond_subjects globus '"/DC=gov/DC=nersc/*"'
#
# End NERSC Online CA Policy
|