myproxy

The XSEDE MyProxy CA service is an online certificate authority that provides X.509 certificates to XSEDE users for authenticating to XSEDE services. Clients communicate with the MyProxy service using the MyProxy Protocol. General information about MyProxy can be found on the MyProxy home page.

 

The XSEDE MyProxy CA service is available at myproxy.xsede.org on TCP port 7512. XSEDE users can use MyProxy clients in conjunction with their XSEDE usernames and passwords to retrieve short-lived X.509 certificates with a validity up to 11 days. The default validity period for the certificates is 12 hours. For example:

$ myproxy-logon -s myproxy.xsede.org -l username
Enter MyProxy pass phrase:
A credential has been received for user username in /tmp/x509up_u501.

A backup XSEDE MyProxy CA service is available at myproxy.psc.xsede.org on TCP port 7512. Clients may be configured to use this service in the event the main service myproxy.xsede.org becomes unavailable.

Any issues with these services should be reported to help@xsede.org.

MyProxy OAuth Interface

See https://oa4mp.xsede.org/oauth/ for information about the OAuth interface to the XSEDE MyProxy CA service.

Retirement of myproxy.teragrid.org

The legacy myproxy.teragrid.org and myproxy.psc.teragrid.org servers are scheduled for retirement on May 19 2015. If you are using these servers, please migrate to myproxy.xsede.org (primary) and myproxy.psc.xsede.org (backup) as soon as possible.

When migrating to myproxy.xsede.org, please ensure your MyProxy client software is up-to-date. Globus Toolkit 4.2.0 or later and JGlobus 2.0 or later are required (for TLS and SHA-2 algorithm support). Globus Toolkit 4.2 and 5.0 clients require setting GLOBUS_GSSAPI_FORCE_TLS=1 in the environment for TLS support.

Please use the standard MyProxy port (7512) with myproxy.xsede.org rather than the legacy myproxy.teragrid.org port (7514).

Unlike the myproxy.teragrid.org server, the myproxy.xsede.org server does not support myproxy-get-trustroots. Please use the XSEDE CA Certificate Installer instead.

Key Points
XSEDE's MyProxy service only issues short-lived certificates.
MyProxy certificates are useful for single-sign-on, functioning much like SSH key pairs.
Special GSISSH clients are needed to make use of MyProxy certificates.
Related Links
Contact Information