get_cert

ciecplib.get_cert(endpoint=None, hours=168, username=None, kerberos=False, spurl='https://ecp.cilogon.org/secure/getcert', debug=False, session=None)

Create an X.509 credential using SAML/ECP.

Warning

CILogon has announced the retirement of support for X.509 certificates, please see https://ca.cilogon.org/retirement for details; attempts to request a certificate from cilogon.org will result in an error after May 2025, please contact help@cilogon.org for assistance.

Parameters:

• endpoint (str, optional) – the identity provider URL

• hours (int, optional) – the desired validity of the credential

• username (str, optional) – the username to use when authenticating

• kerberos (bool, optional) – if True use an existing kerberos TGT to authenticate

• debug (bool, optional) – if True enable verbose debugging from requests, currently unused

• session (requests.Session, optional) – an active requests.Session to use with the query

Returns:

• cert (cryptography.x509.Certificate) – The newly minted certificate.

• key (cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey) – The RSA key object used to sign the certificate.