This site requires JavaScript to be enabled

How to get an OSG personal certificate as a Fermilab staff or user


Intended for: Fermilab staff or users who need to get an OSG personal certificate

Scenario/Use case

This article provides instructions on how to get an OSG personal certificate as a Fermilab staff or user.


Note: If you need to renew your OSG personal certificate before it expires, follow the instructions in the article How to renew your OSG personal certificate.

Basic Requirements

Before you get your OSG PKI Personal Certificate

Before starting, determine which Virtual Organization (VO) and sponsor to choose. The approval process depends on what your VO affiliation is, and in some cases, for what purpose you plan to use the certificate. Once you get a certificate, you can of course use it for any purpose.   Selecting the VO is dependent on several factors. Major experiments such as CDF, D0, CMS and LBNE have their own VOs while other Fermilab-based experiments are handled as Fermilab/<experiment> subsidiary VOs.  Finally, Fermilab is available as its own VO primarily for Fermilab staff and users without any other VO affiliation.  If you need further information in selecting a VO go to Which VO should I choose for more information to help you in choosing which VO to select.

Note that an OSG certificate is valid for one year. You will receive email notification from OSG prior to certificate expiration so that you can renew it.

How to request an OSG certificate


Get your certificate and import it into your browser

You will receive an email message from OSG PKI stating whether your request was approved or denied. If you don't get this email message within 24 hours, call the Service Desk at (630) 840-2345. They will need the request number in order to follow up (you will receive a Ticket Creation Notification from the OSG which contains the request number).  Instructions on importing your certificate into various browsers and mail clients can be found in How to import and export personal and CA certificates.


Using Globus tools for submitting grid jobs from Linux/UNIX

If you will be using Globus tools to run grid jobs from a Linux or other UNIX machines, you need to get a proxy certificate. To do so, your certificate and user key need to be in PEM format. To convert them from their original PKCS#12 format to PEM:


Which Virtual Organization (VO) should I choose?

You can see a list of all the VOs by going to the OSG Virtual Organizations page. Clicking on a VO in this list will take you to a page with more details on that VO. Typically, if you are part of an experiment, you will likely want to select your experiment's VO as your sponsoring VO. If your VO appears in the list of VOs at, then select "Fermilab" from the pull down menu.

See Also: