CILogon X.509 Certificate Retirement Plan
CILogon is retiring our X.509 certificate services, because CILogon subscribers are migrating from X.509 certificates to other mechanisms (e.g., SciTokens).
If you do not request X.509 certificates from CILogon, then you are not impacted by the plans described below, and you do not need to read further. CILogon's other services (OIDC, OAuth, COmanage, SciTokens, SATOSA, LDAP, etc.) are not impacted.
CILogon will continue to issue X.509 certificates for Fermilab and LIGO using cigetcert and ligo-proxy-init until they have completed their transition to SciTokens and WLCG tokens. The CILogon X.509 Certificate Authorities will not be retired until that time.
If you have questions or comments, please contact us at firstname.lastname@example.org.
Thanks to the adoption of OpenID Connect, OAuth, and SciTokens, CILogon is seeing reduced demand for X.509 certificates, so we are beginning to retire CILogon's X.509 certificate services. Operating X.509 certificate services is a significant expense for the CILogon project, for both policy and technical reasons, so beginning to retire the X.509 services will enable us to more effectively and efficiently support the current and future needs of CILogon subscribers.
Last Updated: January 24, 2024