CILogon X.509 Certificate Retirement Plan



Thanks to the adoption of OpenID Connect, OAuth, and SciTokens, CILogon is seeing reduced demand for X.509 certificates, so we are beginning to retire CILogon's X.509 certificate services. Operating X.509 certificate services is a significant expense for the CILogon project, for both policy and technical reasons. Beginning to retire the X.509 services will enable us to support the current and future needs of CILogon subscribers more effectively and efficiently.

Timeline (subject to revision):

JUNE 2023

The endpoint is deprecated. Current CILogon OpenID Connect (OAuth) clients may continue using the endpoint until it is disabled, but it is no longer available to new CILogon OpenID Connect (OAuth) clients.


The endpoint is disabled.

MAY 2025

The "Create Password-Protected Certificate" option at will be disabled.


The CILogon X.509 Certificate Authorities will be retired and withdrawn from the IGTF distribution.

Last Updated: January 24, 2024