--- /dev/null
+<Trust xmlns="urn:mace:shibboleth:trust:1.0"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:trust:1.0 @-PKGXMLDIR-@/shibboleth-trust-1.0.xsd">
+
+ <!--
+ <Trust> elements map public keys or certificate authorities to named system
+ entities, or groups of entities. Directly mapping a key to an entity causes
+ the trust metadata to act as a certification authority directly for the
+ entity and its key, and is done with a single <ds:KeyInfo> element for each
+ key binding. This is as specified in http://www.w3.org/2000/09/xmldsig
+
+ To bind a key to an entity directly, the key must be specified within the
+ <ds:KeyInfo> as either a <ds:KeyValue> (a bare key) or a <ds:X509Certificate>
+ within <ds:X509Data>. One or more "names" can be associated with the key
+ using <ds:KeyName> or <ds:X509Subject> in <ds:X509Data>. It is suggested in
+ <ds:KeyName> to just specify the entity's common name (CN) or a DNS subjectAltName,
+ as typically done when evaluating TLS certificates. For specialized cases, we
+ support use of a full distinguished name in LDAP/RFC2253 format (reverse
+ order of RDNs from X.500, separated by a comma). This syntax is mandatory
+ when using <ds:X509Subject>.
+
+ To output the subject of a certificate in this form, use the following
+ OpenSSL command:
+ $ openssl x509 -in cert.pem -subject -nameopt RFC2253,sep_comma_plus_space
+
+ As a general note, any base-64 encoded data in the file must be carefully
+ placed into the containing element without extra whitespace or linefeeds.
+ This usually means the encoded text should start on the same line as the
+ opening element, be wrapped at a reasonable line length (72 or so) and
+ be ended by a linefeed unless ending exactly on a line length boundary.
+
+ Here is an example that binds a key directly to a host using a certificate.
+ Note that trust metadata does not define what this host is or what role it
+ performs. This is typically handled by referencing the corresponding key name
+ in operational metadata. Also note that no validation of a certificate
+ specified in this form will be done, the key is merely extracted. To
+ revoke or expire the key binding, the entry must be removed.
+ -->
+
+ <ds:KeyInfo>
+ <ds:KeyName>localhost</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>MIICtjCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQQFADA+MQswCQYDVQQGEwJVUzEb
+MBkGA1UEChMSU2hpYmJvbGV0aCBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+HhcNMDQwMzI5MDIyMTIxWhcNMzEwODE1MDIyMTIxWjA+MQswCQYDVQQGEwJVUzEb
+MBkGA1UEChMSU2hpYmJvbGV0aCBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa
+/jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5
+qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF
+7w7bx0cF/02qrR23AgMBAAGjgcMwgcAwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
+HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJZiO1qs
+yAyc3HwMlL9pJpN6fbGwMGYGA1UdIwRfMF2AFJZiO1qsyAyc3HwMlL9pJpN6fbGw
+oUKkQDA+MQswCQYDVQQGEwJVUzEbMBkGA1UEChMSU2hpYmJvbGV0aCBQcm9qZWN0
+MRIwEAYDVQQDEwlsb2NhbGhvc3SCAQAwDQYJKoZIhvcNAQEEBQADgYEAtc1nWrwY
+Mc1aGcpfBGP6Exx2oOLs6k5GU+nOMN6j8PbJiGKNtmUvW7IL4o5tiSYcLqtQ/jVD
+n3rFsCeDaO+1Qa8+3JBFqfhchC5Jh73C8yqCGeo9QbXyyJRY/sCxU4YjqJz/z/hW
+o/72FFuLImOT2CUdJ/FonPKo2w0NhOTP4Hc=
+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+
+
+ <!---
+ <KeyAuthority> elements map authority certificates and/or revocation lists
+ to names. Omitting any names results in a wildcarded mapping that globally
+ applies the authorities to all transactions that cannot be evaluated with
+ direct key bindings. This is dangerous and should only be used in specialized
+ deployments, in conjunction with other policies via operational metadata
+ about which entities can issue assertions or make requests.
+
+ The <KeyAuthority> construct signals specialized semantics for the
+ <ds:KeyInfo> element(s) contained that cause all embedded certificates or
+ references to them to be interpreted as certificate authorities, rather than
+ alternate keys or chains of certificates for a single entity.
+
+ The element first contains zero or more <ds:KeyName> elements that specify
+ the names of entities or groups of entities (such as federations) to which
+ the succeeding CA information applies. The name should be specified either
+ as a URI (for entities such as SAML identity and service providers and
+ federations) or a CN for system-level entities.
+
+ These names are followed by an arbitrary sequence of <ds:KeyInfo> elements
+ which are interpreted specifically for this context. All the embedded
+ <ds:X509Certificate> elements are extracted as certificate authorities and
+ treated as a flat list. Certificates in external files in DER or OpenSSL/PEM
+ format can be referenced using <ds:RetrievalMethod> elements with the
+ following standard and special Type attributes:
+
+ Raw/DER format:
+
+ <ds:RetrievalMethod URI="/path/to/cert.der"
+ Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate">
+
+ OpenSSL/PEM format:
+
+ <ds:RetrievalMethod URI="/path/to/cert.pem"
+ Type="urn:mace:shibboleth:RetrievalMethod:pemX509Certificate">
+
+ The other possible <ds:KeyInfo> content specifies X.509 Certificate Revocation
+ Lists, again either in-band via <ds:X509CRL> or in files via <ds:RetrievalMethod>.
+ Note that the Shibboleth plugin API differentiates trust and CRL access, but
+ they can both be drawn from this shared format.
+
+ Raw/DER format:
+
+ <ds:RetrievalMethod URI="/path/to/crl.der"
+ Type="http://www.w3.org/2000/09/xmldsig-more#rawX509CRL">
+
+ OpenSSL/PEM format:
+
+ <ds:RetrievalMethod URI="/path/to/crl.pem"
+ Type="urn:mace:shibboleth:RetrievalMethod:pemX509CRL">
+
+ The second lengthy example shows a set of certificate authorities being
+ applied to a set of providers that share a federation URI. Such providers
+ must sign assertions and present TLS certificates signed by one of the
+ listed authorities, and must insure that the certificates are otherwise
+ valid and appropriate.
+ -->
+
+ <KeyAuthority VerifyDepth="0">
+ <ds:KeyName>localhost</ds:KeyName>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>MIICtjCCAh+gAwIBAgIBADANBgkqhkiG9w0BAQQFADA+MQswCQYDVQQGEwJVUzEb
+MBkGA1UEChMSU2hpYmJvbGV0aCBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+HhcNMDQwMzI5MDIyMTIxWhcNMzEwODE1MDIyMTIxWjA+MQswCQYDVQQGEwJVUzEb
+MBkGA1UEChMSU2hpYmJvbGV0aCBQcm9qZWN0MRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa
+/jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5
+qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF
+7w7bx0cF/02qrR23AgMBAAGjgcMwgcAwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0E
+HxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJZiO1qs
+yAyc3HwMlL9pJpN6fbGwMGYGA1UdIwRfMF2AFJZiO1qsyAyc3HwMlL9pJpN6fbGw
+oUKkQDA+MQswCQYDVQQGEwJVUzEbMBkGA1UEChMSU2hpYmJvbGV0aCBQcm9qZWN0
+MRIwEAYDVQQDEwlsb2NhbGhvc3SCAQAwDQYJKoZIhvcNAQEEBQADgYEAtc1nWrwY
+Mc1aGcpfBGP6Exx2oOLs6k5GU+nOMN6j8PbJiGKNtmUvW7IL4o5tiSYcLqtQ/jVD
+n3rFsCeDaO+1Qa8+3JBFqfhchC5Jh73C8yqCGeo9QbXyyJRY/sCxU4YjqJz/z/hW
+o/72FFuLImOT2CUdJ/FonPKo2w0NhOTP4Hc=
+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyAuthority>
+
+ <KeyAuthority VerifyDepth="5">
+ <ds:KeyName>urn:mace:inqueue</ds:KeyName>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <!-- HEPKI Master Test CA -->
+ <ds:X509Certificate>MIIC6zCCAlSgAwIBAgICAlQwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMTYzOVoXDTI5MTExNjIyMTYzOVowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBNYXN0ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDJ3FDZym9Ja94DP7TUZXf3Vu3CZwqZzYThgjUT2eBJBYVALISSJ+RjJ2j2
+CYpq3wesSgWHqfrpPnTgTBvn5ZZF9diX6ipAmC0H75nySDY8B5AN1RbmPsAZ51F9
+7Eo+6JZ59BFYgowGXyQpMfhBykBSySnvnOX5ygTCz20LwKkErQIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQB1
+8ZXB+KeXbDVkz+b2xVXYmJiWrp73IOvi3DuIuX1n88tbIH0ts7dJLEqr+c0owgtu
+QBqLb9DfPG2GkJ1uOK75wPY6XWusCKDJKMVY/N4ec9ew55MnDlFFvl4C+LkiS2YS
+Ysrh7fFJKKp7Pkc1fxsusK+MBXjVZtq0baXsU637qw==
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- HEPKI Server Test CA -->
+ <ds:X509Certificate>MIIC6zCCAlSgAwIBAgICAlYwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMzIxNFoXDTI3MDIyMDIyMzIxNFowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCvImusW7uaRS7xLsi2ZzZuUz6gbfATwxwvtQ+8cuyDpRlhvr1qnghC9Enj
+RH9qpq/Z5FVZ5bqyGziCy0kEPt+2WiZMGRiQEzloi5HNEtz1Nlc7FCJ0HATxtkEU
+hQ96v2DmoIEogPINqLICIqfiraPWFHOp6qDritrdj/fwLptQawIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQAt
+txlP3fTyIVMAIm8ddE8Bvk0/5Bhn5KvMAOMtnlCEArcFd4/m+pU4vEDwK6JSIoKf
+N/ySLXlu5ItApeJMWhcqvrczq5BF4/WQZukC1ha6FS2cAmjy35jYWMfVWcdBi9Yi
+M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- Thawte Premium Server CA -->
+ <ds:X509Certificate>MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- Thawte Server CA -->
+ <ds:X509Certificate>MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- Verisign/RSA Commercial CA -->
+ <ds:X509Certificate>MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- Verisign/RSA Secure Server CA -->
+ <ds:X509Certificate>MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- Verisign Class 3 Public Primary CA -->
+ <ds:X509Certificate>MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- GlobalSign Root CA -->
+ <ds:X509Certificate>MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
+YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
+5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
+gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
+rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
+ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
+Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- Ohio State Test CA -->
+ <ds:X509Certificate>MIIEuzCCA6OgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnzELMAkGA1UEBhMCVVMx
+DTALBgNVBAgTBE9oaW8xETAPBgNVBAcTCENvbHVtYnVzMSIwIAYDVQQKExlUaGUg
+T2hpbyBTdGF0ZSBVbml2ZXJzaXR5MQwwCgYDVQQLEwNPSVQxGzAZBgNVBAMTEkFE
+UyBEZXZlbG9wbWVudCBDQTEfMB0GCSqGSIb3DQEJARYQY2FudG9yLjJAb3N1LmVk
+dTAeFw0wMzA0MjYwMTQyNTBaFw0wNjA4MDgwMTQyNTBaMIGfMQswCQYDVQQGEwJV
+UzENMAsGA1UECBMET2hpbzERMA8GA1UEBxMIQ29sdW1idXMxIjAgBgNVBAoTGVRo
+ZSBPaGlvIFN0YXRlIFVuaXZlcnNpdHkxDDAKBgNVBAsTA09JVDEbMBkGA1UEAxMS
+QURTIERldmVsb3BtZW50IENBMR8wHQYJKoZIhvcNAQkBFhBjYW50b3IuMkBvc3Uu
+ZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEatTbCwn75npxtb
+1omzb+2zlBV5bVChRSwxuMIV5+ZMkXCL7HKsx29BCaPDkxRhd5tVsUi2Hk8cCGhL
+jKWw/WbUv/ppv3xKunqJFkwtgSOWccZ3Q6HrYVgFzRri7WxrtVt14eCTuD/4NjvL
+V/h5YpBznYq+gnmwfI5PSXVGUSuWrgf5nh2050QhcUANErXxlJkd4sQTOskxVTiK
+Z+FjrIPHj+5PVco9hZbbqE7ocUjXJF0wbXmZ7rWCBCPX4mNQ9F3XDBe1pUJeQFMJ
+psCS7Qel8IY6RtCLLzqgcb88VDKvEao2zP4ppfwl+m6/Q4biHjP/YJOufawLq6bP
+5BtppwIDAQABo4H/MIH8MB0GA1UdDgQWBBS8sZnKAz8qFZ++hVLh0j03B6jrejCB
+zAYDVR0jBIHEMIHBgBS8sZnKAz8qFZ++hVLh0j03B6jreqGBpaSBojCBnzELMAkG
+A1UEBhMCVVMxDTALBgNVBAgTBE9oaW8xETAPBgNVBAcTCENvbHVtYnVzMSIwIAYD
+VQQKExlUaGUgT2hpbyBTdGF0ZSBVbml2ZXJzaXR5MQwwCgYDVQQLEwNPSVQxGzAZ
+BgNVBAMTEkFEUyBEZXZlbG9wbWVudCBDQTEfMB0GCSqGSIb3DQEJARYQY2FudG9y
+LjJAb3N1LmVkdYIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IBAQBq
+o4Fo5O3CMZ+03Rb24ffxV/31AbaMbgI9veETcsuk1ufTs5cUiLY59aaRzjCefGiq
+8pZuIe3N+bF3YSD9PZX7ga4v91ga/Ec1IOvjFpTw2qBU36+OcLue7rcpHVnSSry8
+6wIRnVZmJwLKfuYBAgbNBFJwJiJ3/uZ5m0YPwmAhyvaGb7QIUvceIzCZ9gcw/n5+
++kDYpntsOxzKvdcdofPzo84VFl8pcYu8XNf6rBdmC97VNDeO+f9gQlpx6/GLFGyn
+oa69rE3V1EoD51bYrkQL3S0rS+pL26FQmET2qFHQ1SpAdkcfzprlTk+HR8ILK/zh
+tYwaa5m9MAQOCs7pTA0+
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- CREN CA -->
+ <ds:X509Certificate>MIIDozCCAougAwIBAgIFBGAAAAcwDQYJKoZIhvcNAQEEBQAwdDELMAkGA1UEBhMCVVMxOjA4BgNV
+BAoTMUNSRU4vQ29ycCBmb3IgUmVzZWFyY2ggYW5kIEVkdWNhdGlvbmFsIE5ldHdvcmtpbmcxKTAn
+BgNVBAsTIEVkdWNhdGlvbiBhbmQgUmVzZWFyY2ggQ2xpZW50IENBMB4XDTk5MTExNzAwMDAwMFoX
+DTA3MTExNzAwMDAwMFowdDELMAkGA1UEBhMCVVMxOjA4BgNVBAoTMUNSRU4vQ29ycCBmb3IgUmVz
+ZWFyY2ggYW5kIEVkdWNhdGlvbmFsIE5ldHdvcmtpbmcxKTAnBgNVBAsTIEVkdWNhdGlvbiBhbmQg
+UmVzZWFyY2ggQ2xpZW50IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvjqqt68
+M3TOAlTvGsedC5Mo81nlNpukBd95/ZlxZiyQHZzZRN+5ytnl3fFpA9xK47rqfWiEenjotreOlKyv
+kx4FgQsloHL/ngwkn+O7ldRAgsD/1oDy/6TWIL4JvexEWXT/b116aT3QOB4zF77S9+yn6KkFrroL
+mIU+JX6S4G8lMqEFH3tUATwoCVjYeoPtqhgzWhTf2tXQ/tjCFxb8pxav3scG8Adi3iZ7u0TIAq2Z
+5Nf0/xqfUdLNn5GCiK71kxhe7DcaBlxiHs+c3Vo/I47ow1kFWgkOnIwIxa1V/BOzuzgIRfI2jvha
+PLqWRTiC2pWHNfgqmnUf3jQ9JwxsOQIDAQABozwwOjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBSZ
+XFkzrbStei+68QrYZGLNXx9BeTALBgNVHQ8EBAMCAAYwDQYJKoZIhvcNAQEEBQADggEBAGWz5Sxw
++XZWYvkdhoM6iZo7XtQqOy34kQsCy4qPk1JxvNIth1ENReDx6v9HiA+5ZMamTr7PRzNxTloyoBMN
+pAK4yPS8Nj/al105jlqLns4cpOOD9Rs0AyhSkvG8F8A6i45UHbSG6rDhH92c/s8/XzZNrHpt/DN6
+XNN0KCzUlDzxEjHiTtf2y88A6FpuhWZlEOtLXSqykhg5RYzbUQyWMPXP2Z2mAJNFQ8kxCaTw8jzj
+EqqiJA+8p/M7Wg2bsyFgikstVIvNyXqt8izHsL3h/ZBTIFIsnFC2XYEGyLWsIXQek1KoCYUyYcUm
+GR2awRTrCl4tbfzIqDv+OvYUoFUuz8Y=
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- NSDL CA -->
+ <ds:X509Certificate>MIIDmDCCAwGgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlTELMAkGA1UEBhMCVVMx
+CzAJBgNVBAgTAk5ZMREwDwYDVQQHEwhOZXcgWW9yazEcMBoGA1UEChMTQ29sdW1i
+aWEgVW5pdmVyc2l0eTENMAsGA1UECxMETlNETDEVMBMGA1UEAxMMTlNETCBTaXRl
+IENBMSIwIAYJKoZIhvcNAQkBFhNjZXJ0c0BhdXRoLm5zZGwub3JnMB4XDTAzMDkw
+NDIxMjAwNFoXDTA4MDkwMzIxMjAwNFowgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQI
+EwJOWTERMA8GA1UEBxMITmV3IFlvcmsxHDAaBgNVBAoTE0NvbHVtYmlhIFVuaXZl
+cnNpdHkxDTALBgNVBAsTBE5TREwxFTATBgNVBAMTDE5TREwgU2l0ZSBDQTEiMCAG
+CSqGSIb3DQEJARYTY2VydHNAYXV0aC5uc2RsLm9yZzCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEAr/xGSTQp4pmeqqlRIjONbLdaK974dBfvXfgjHxMhwX+eI5tK
+FU6XD3nwHgTvzUfcI19EOSn0bXHc61nCnCdt1+zi8m4t30jAUOO3vPorjjTVspaP
+VTjG8QUReNKO1Q6YhT2QiTSfxAZJnn7VBHmE7xOzTji10wBtNslq21/OSskCAwEA
+AaOB9TCB8jAdBgNVHQ4EFgQUHfhN+a5FzsJ2MU4n473mR6Fo6X0wgcIGA1UdIwSB
+ujCBt4AUHfhN+a5FzsJ2MU4n473mR6Fo6X2hgZukgZgwgZUxCzAJBgNVBAYTAlVT
+MQswCQYDVQQIEwJOWTERMA8GA1UEBxMITmV3IFlvcmsxHDAaBgNVBAoTE0NvbHVt
+YmlhIFVuaXZlcnNpdHkxDTALBgNVBAsTBE5TREwxFTATBgNVBAMTDE5TREwgU2l0
+ZSBDQTEiMCAGCSqGSIb3DQEJARYTY2VydHNAYXV0aC5uc2RsLm9yZ4IBADAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAFI12nbtpxCg1nuDTaXdbQ5cPd1K
+qaHDaL8gjLJ7zv0wgIEB5z/xXsTPkpPA+U1yXX23qya2jNDnXFA+XS8DXNC+Dg7B
+X1s2TSkxl112t+4hBdHyfN9qqMpmVUxLnnvaRYsNtK5rRcmAy4DCW/PikWt4hgb0
+XvHxm5gGL95wKCz8
+</ds:X509Certificate>
+ </ds:X509Data>
+ <ds:X509Data>
+ <!-- InCommon CA -->
+ <ds:X509Certificate>MIIFmjCCBIKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJVUzEc
+MBoGA1UEChMTSW5Db21tb24gRmVkZXJhdGlvbjEpMCcGA1UEAxMgSW5Db21tb24g
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwMzMwMjAzNDAwWhcNMTQwMzI5
+MjAzNDAwWjBWMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSW5Db21tb24gRmVkZXJh
+dGlvbjEpMCcGA1UEAxMgSW5Db21tb24gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRGjKsUM2QAupLAaWx82/C
+WPalKjKFY8UPmz0T3gf7tJPztTy1Zq8pD0WFRLcQeSBKZGCu8upe8X966b6TZ5yu
+oUDA754If0DWismuHNoMgRR/l0UvZmPWDGRWd3NBTB8/soLA4EbqFf5Xq8MOJKhP
+tzcDR33gtaAb3oilZ+ZTpnhTFFrn/qXrAKcSDBpuW2JRpi3xaF/hTPI097oUShOz
+D1Zj21UYLA6iSFVN+1wlfwilf2KFNK/+zbkCge6wgipZyXxaOAam6ncqmkxy+hy/
+OiJMmdB+6xkO0xXSBUUcqxJrOcUQhA1vntgb3q5zOJISXhC4RAReA0HyBp/wd0iD
+AgMBAAGjggJxMIICbTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUky3IYRitY+ObZbOd3Y2TuufKY0UwfgYDVR0jBHcwdYAUky3IYRit
+Y+ObZbOd3Y2TuufKY0WhWqRYMFYxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNJbkNv
+bW1vbiBGZWRlcmF0aW9uMSkwJwYDVQQDEyBJbkNvbW1vbiBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eYIBADCBugYIKwYBBQUHAQEEga0wgaowgacGCCsGAQUFBzAChoGa
+aHR0cDovL2luY29tbW9uY2ExLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdl
+L2NlcnRzL2NhLWNlcnRzLnA3YgoJCUNBIElzc3VlcnMgLSBVUkk6aHR0cDovL2lu
+Y29tbW9uY2EyLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvYnJpZGdlL2NlcnRzL2Nh
+LWNlcnRzLnA3YjCBjQYDVR0fBIGFMIGCMD+gPaA7hjlodHRwOi8vaW5jb21tb25j
+cmwxLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvY3JsL2VlY3Jscy5jcmwwP6A9oDuG
+OWh0dHA6Ly9pbmNvbW1vbmNybDIuaW5jb21tb25mZWRlcmF0aW9uLm9yZy9jcmwv
+ZWVjcmxzLmNybDBeBgNVHSAEVzBVMFMGCysGAQQBriMBBAEBMEQwQgYIKwYBBQUH
+AgEWNmh0dHA6Ly9pbmNvbW1vbmNhLmluY29tbW9uZmVkZXJhdGlvbi5vcmcvcHJh
+Y3RpY2VzLnBkZjANBgkqhkiG9w0BAQUFAAOCAQEAZfgKUPA+Ky+Ou/vclMlFTMlU
+GspfbNSdG/fmIq+E/Lv1d2c73Am1zGhOpxgdkM8SE+BPnXW2rl71/N8gaqwgBBxk
+pwn410siumxlDTwV3HoVFvCGWylNy9o8OE1LyTCqfo8PRwrMzhwcagDgD813BIyj
+uJg/JQz1LnHMocIW/JligloSIzF1O435/+ckfWXQsmBIhvV5TmA3ZrcycrI1cHGE
+ZqrCXL0FMZLSr+Vady/tFbVojqI8pSubSMxNkZectePTBjVj1Qeb4hmG8jRv/fwy
+1Iw6OFH8RKny8nQaO5mOe/fF/swEsMVU9TDpvLIgbhTwnP7Nhfotgaxf5wG8WA==
+</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyAuthority>
+
+</Trust>
projects / shibboleth / cpp-sp.git / commitdiff