Please note:
- The procedure to request robot certificates is now fully automated, and it's no longer necessary to request
permissions to Certification Authority administrators with a digitally signed email
- If you do not satisfy the criteria to request a robot certificate, no exceptions are possible.
Grid Robot certificates
Robots, also known as automated clients, are entities that perform tasks without human intervention.
These procedures generally run using an identity with the necessary privileges to perform their tasks. If
automated tasks need to authenticate using a certificate provided by the CERN Grid Certification Authority,
a robot certificate should be used.
Robot certificates can only be issued to valid
Service accounts.
The purpose of a robot certificate is to allow the team performing the automated tasks to authenticate
without needing individual user certificates. Moreover, if the certificate subject is used by the application,
it will not be necessary to modify the application's configuration each time a new certificate is issued.
A robot certificate must not be used for the following purposes:
- To share a certificate so that people don't need to enter individual credentials.
- To obtain a certificate for a Service account.
Who can request a robot certificate
Please note that the official Certificate Policy and Certificate Practice Statement documents for the CERN Grid
Certification Authority are available at the address http://cern.ch/cafiles.
This help page is only an informal excerpt from the official documents.
To request a robot certificate a user must:
- Be registered in CERN's central HR database with one of the following categories, for which physical presence
at the appropriate registration service is required:
- Members of Personnel (as defined in
Administrative
Circular 11). Status: STAFF, FELL, PDAS, PJAS, USAS, CASS, UPAS, USER, DOCT, TECH, ADMI, SUMM, CHIL,
APPR, COAS, GPRO, VISC, TRNE.
- Employees of a CERN contractor. Status: ENTC.
- Participants to an experiment. Status: PART.
- Honorary members. Status: EXTN with reason HONO.
- Have a CERN computer account and register an email address.
- Be the owner of a CERN Service Account for which you want to get a robot certificate
- The Service Account must forward messages to the owner, or to a responsible group
How to request a robot certificate
If your requirements satisfy the conditions to get a robot certificates, you can request one as follows: