CILogon-enabled Applications

A CILogon-enabled Application is a program that can download a certificate from using an Activation Code.

To use a CILogon-enabled application:

  1. Open in a web browser and log on.
  2. Click the Get New Activation Code button shown at
  3. Highlight and copy the Activation Code (for example: acb7b5c63931067c3c6340c5b2b2e72f) displayed at
  4. Paste the Activation Code when prompted by the CILogon-enabled application.

The Get New Activation Code functionality is an optional capability that is enabled when you visit To see all optional capabilities, visit To revert to the default CILogon interface, visit To request a customized "skin" for your applications, please contact us at


An example CILogon-enabled application is available at It is a relatively simple script written in the Python language. The following command-line example demonstrates its use:

$ wget

$ python

Please enter your Activation Code: <--- paste the Activation Code here

Using GridShib CA server at

Generating private keys and certificate request.

Credential written to /tmp/x509up_u501


Implementation Details

CILogon-enabled applications implement the GridShib-CA Credential Retriever Protocol. It must:

  • Generate a 2048-bit RSA private key.
  • Create a PEM-encoded PKCS10 certificate request containing the corresponding RSA public key.
  • Submit an HTTP POST request to containing the certificate request and the Activation Code.
  • Read the response to the HTTP POST containing the PEM-encoded signed X.509 certificate.