Java trust store for the SWITCHaai federation
---------------------------------------------

Version 1.4, 23 February 2010

----------------------------------------------
Valid CA list:

CN=Thawte Server CA 
O=Thawte Consulting cc
OU=Certification Services Division
SHA1: 23:E5:94:94:51:95:F2:41:48:03:B4:D5:64:D2:A3:A3:F5:D8:8B:8C

CN=Thawte Premium Server CA
O=Thawte Consulting cc
OU=Certification Services Division
SHA1: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A

C=US,O=VeriSign, Inc.
OU=Class 3 Public Primary Certification Authority
SHA1: 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2

C=US, O=GTE Corporation,
OU=GTE CyberTrust Solutions, Inc.,
CN=GTE CyberTrust Global Root
SHA1: 97:81:79:50:D8:1C:96:70:CC:34:D8:09:CF:79:44:31:36:7E:F4:74
----------------------------------------------

keystore: truststore-switchaai.jks
password: switchaai

To dump the content:
----------------------------------------------

$ keytool -list -v -keystore truststore-switchaai.jks
Password: switchaai
...

Tomcat server.xml configuration:
----------------------------------------------

To enable Tomcat clientAuth for the SWITCHaai federation, edit the server.xml configuration file and define a <Connector> with clientAuth and the truststore-switchaai.jks trust store.

--- 8< ---------------------------------------
<!-- AAI clientAuth on port 443 -->
<Connector port="443" address="192.168.1.1" 
           maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="/etc/tomcat/www.example.ch.jks"
           keystorePass="aaiadmin"
           truststoreFile="/etc/tomcat/truststore-switchaai.jks"
           truststorePass="switchaai" />
--- >8 ---------------------------------------