CERN Accelerating science

WLCG "Catch-All" Certification Authority

The WLCG Catch-all CA provides certificates for users and services who are not otherwise covered by one of the approved LCG Certification Authorities (CA). Often called a "catch-all" CA the service is actually run as a "Registration Authority" (RA) of the OSG PKI. The certificates are issued by the OSG PKI but the identity of the applicant and right to own the certificate are validated by the WLCG RA or an appointed agent.

The WLCG RA will ONLY approve your certificate request if ALL the following are true:

  • you are eligible to be part of a recognized WLCG Virtual Organisation (VO)
  • you could not reasonably be expected to obtain a certificate from another approved WLCG CA
  • you require the certificate for an activity related to LCG


If you do not have a national Certification Authority, and you are not eligible for a certificate from the CERN CA, email 

The project-lcg-certificates team will confirm your situation, and provide instructions on further action:

Useful links

WLCG thanks the OSG PKI for providing the infrastructure and support for this service.


Page last updated on: 6 Jun 2016