Skip Navigation Links.

Grid Robot certificates

Robots, also known as automated clients, are entities that perform tasks without human intervention.

These procedures generally run using an identity with the necessary privileges to perform their tasks. If automated tasks need to authenticate using a certificate provided by the CERN Grid Certification Authority, a robot certificate should be used.

Robot certificates can only be issued to valid Service accounts.

The purpose of a robot certificate is to allow the team performing the automated tasks to authenticate without needing individual user certificates. Moreover, if the certificate subject is used by the application, it will not be necessary to modify the application's configuration each time a new certificate is issued.

Who can request a robot certificate

Please note that the official Certificate Policy and Certificate Practice Statement documents for the CERN Grid Certification Authority are available at the address This help page is only an informal excerpt from the official documents.

To request a robot certificate a user must:

  • Be registered in CERN�s central HR database under the Staff category.
  • Be the owner of a special CERN Service Account
    • The Service Account must forward messages to the owner, or to a responsible group
  • Authenticate, using the CERN Service Account, to this website and submit a request, following confirmation that:
    • The robot certificate will be used in a completely automated environment.
    • The robot certificate will be used without human interventions. Robot certificates should be used only inside scripts and applications that are scheduled and running on a regular basis.
  • After this request is successfully validated, the requestor may submit a certificate request on this website.

A robot certificate must not be used for the following purposes:

  • To share a certificate so that people don't need to enter individual credentials.
  • To obtain a certificate for a Service account.

How to request a robot certificate

If your requirements satisfy the conditions to get a robot certificates, you can request one as follows:

  • Make sure that you are the owner of the Service account that will be used to request robot certificates. If you do not have such a service account, you can create one from the "My Accounts" page on the Account Management site.
  • Make sure that you have a valid CERN User certificate.
  • Send an email, signed with your user certificate, to, containing:
    • The reason why you need a robot certificate
    • The name (login) of the service account that will be used to request the certificate
  • After a successful evaluation of your request, your Service account will be granted the right to get a Robot certificate.
  • Login to the CERN Grid Certification Authority site using the authorized service account and request a Robot certificate through this page.

Created: 3/10/2020
Last reviewed: 2/25/2020
Send the page Send  |  Printable version Print