The XSEDE MyProxy CA service is an online certificate authority that provides X.509 certificates to XSEDE users for authenticating to XSEDE services. Clients communicate with the MyProxy service using the MyProxy Protocol. General information about MyProxy can be found on the MyProxy home page.


The XSEDE MyProxy CA service is available at on TCP port 7512. XSEDE users can use MyProxy clients in conjunction with their XSEDE usernames and passwords to retrieve short-lived X.509 certificates with a validity up to 11 days. The default validity period for the certificates is 12 hours. For example:

$ myproxy-logon -s -l username
Enter MyProxy pass phrase:
A credential has been received for user username in /tmp/x509up_u501.

A backup XSEDE MyProxy CA service is available at on TCP port 7512. Clients may be configured to use this service in the event the main service becomes unavailable.

Any issues with these services should be reported to

MyProxy OAuth Interface

See for information about the OAuth interface to the XSEDE MyProxy CA service.

Retirement of

The legacy and servers are scheduled for retirement on May 19 2015. If you are using these servers, please migrate to (primary) and (backup) as soon as possible.

When migrating to, please ensure your MyProxy client software is up-to-date. Globus Toolkit 4.2.0 or later and JGlobus 2.0 or later are required (for TLS and SHA-2 algorithm support). Globus Toolkit 4.2 and 5.0 clients require setting GLOBUS_GSSAPI_FORCE_TLS=1 in the environment for TLS support.

Please use the standard MyProxy port (7512) with rather than the legacy port (7514).

Unlike the server, the server does not support myproxy-get-trustroots. Please use the XSEDE CA Certificate Installer instead.

Key Points
XSEDE's MyProxy service only issues short-lived certificates.
MyProxy certificates are useful for single-sign-on, functioning much like SSH key pairs.
Special GSISSH clients are needed to make use of MyProxy certificates.
Related Links
Contact Information