diff --git a/gracedb/ligoauth/migrations/0019_update_idq_certs.py b/gracedb/ligoauth/migrations/0019_update_idq_certs.py
new file mode 100644
index 0000000000000000000000000000000000000000..66a6366705582e8a97f36f70b465503d691564ba
--- /dev/null
+++ b/gracedb/ligoauth/migrations/0019_update_idq_certs.py
@@ -0,0 +1,58 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11.16 on 2018-12-14 15:55
+from __future__ import unicode_literals
+
+from django.db import migrations
+
+ACCOUNTS = {
+ 'idq-wa': {
+ 'old_cert': '/DC=org/DC=ligo/O=LIGO/OU=Services/CN=idqLHO/ldas-grid.ligo-wa.caltech.edu',
+ 'new_cert': '/DC=org/DC=cilogon/C=US/O=LIGO/OU=Robots/CN=ldas-grid.ligo-wa.caltech.edu/CN=idq-lho/CN=Reed Essick/CN=UID:reed.essick.robot',
+ },
+ 'idq-la': {
+ 'old_cert': '/DC=org/DC=ligo/O=LIGO/OU=Services/CN=idqLLO/ldas-grid.ligo-la.caltech.edu',
+ 'new_cert': '/DC=org/DC=cilogon/C=US/O=LIGO/OU=Robots/CN=ldas-grid.ligo-la.caltech.edu/CN=idq-llo/CN=Reed Essick/CN=UID:reed.essick.robot',
+ },
+}
+
+
+def update_certs(apps, schema_editor):
+ User = apps.get_model('auth', 'User')
+
+ for user, certs in ACCOUNTS.iteritems():
+ # Get user
+ user = User.objects.get(username=user)
+
+ # Create new certificate
+ user.x509cert_set.create(subject=certs['new_cert'])
+
+ # Delete old certificate
+ old_cert = user.x509cert_set.get(subject=certs['old_cert'])
+ old_cert.delete()
+
+
+def revert_certs(apps, schema_editor):
+ User = apps.get_model('auth', 'User')
+ X509Cert = apps.get_model('ligoauth', 'X509Cert')
+
+ for user, certs in ACCOUNTS.iteritems():
+ # Get user
+ user = User.objects.get(username=user)
+
+ # Create old certificate
+ user.x509cert_set.create(subject=certs['old_cert'])
+
+ # Delete new certificate
+ old_cert = user.x509cert_set.get(subject=certs['new_cert'])
+ old_cert.delete()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('ligoauth', '0018_update_cds_llo_certs'),
+ ]
+
+ operations = [
+ migrations.RunPython(update_certs, revert_certs),
+ ]