Skip to content

Renewing a Grid Certificate

How to renew an existing grid certificate, before or after it expires.

If you already have a grid certificate that is still valid but about to expire, you can replace it with a new certificate with the exact same DN as your current certificate. Renewing your existing certificate will save you the hassle of having to request a new certificate or re-register for a VO with a new certificate later on.

Transition to CERN CA

US ATLAS has ceased to use OSG-supplied user certificates, in favor of certificates issued by the CERN certificate authority (CA). For more information, please see .

Determining certificate expiration date

You can check when your certificate is due to expire by examining it in your web browser's list of stored certificates, or check a stand-alone x509 certificate with an OpenSSL command:

openssl x509 -in _your-certificate-name.pem_ -noout -enddate

If the certificate is encrypted in pkcs12 format, you'll first need to convert it to PEM before running the above command:

opnssl pkcs12 -in _your-pkcs12-certificate-name.p12_ -out _your-new-pem-certificate.pem_

When prompted, enter your import password and PEM passphrase, as required.

Renewing a CERN CA certificate

CERN users wanting to renew a certificate issued by CERN can simply go to https://ca.cern.ch/ca/user/Request.aspx?template=ee2user. Create a password to protect the certificate, and click Get Grid User certificate. The result should be a new certificate with the same DN and CA as your previous certificate, thereby effectively renewing your certificate.

Keep in mind that if your certificate is reissued as new or with a different DN than has been registered with your VO membership, you'll need to either add it to your VO membership, or reapply for membership with the new DN.

See Installing a Grid Certificate to install or replace existing certificate files.

Discard your old certificate

Whether you've renewed an existing certificate or requested a new one, in order to prevent confusion and avoid the possibility of compromising your grid identity, be sure to discard your old certificate and private key files ( .pem or .p12 files). Do not mix your old files with your newly-obtained certificate/key pair.

Troubleshooting

For help with troubleshooting grid certificate renewal issues:

  • See the Grid Certificate FAQ for commonly asked questions.
  • If all else fails, Reporting Problems in the Grid Services queue, and describe your issue in as much detail as possible.