Skip to content

Certificates

Use auth.certificates for the KSeF certificate lifecycle. The SDK sends CSR and lifecycle requests; your application or certificate tooling still owns key generation and CSR creation.

limits = auth.certificates.get_limits()
print(limits.can_request, limits.enrollment_remaining)
subject = auth.certificates.get_enrollment_data()
print(subject.common_name, subject.country_name)
enrollment = auth.certificates.enroll(
certificate_name="billing-service",
certificate_type="authentication",
csr="-----BEGIN CERTIFICATE REQUEST-----\n...\n-----END CERTIFICATE REQUEST-----",
)
status = auth.certificates.get_enrollment_status(
reference_number=enrollment.reference_number,
)
print(status.status_code, status.certificate_serial_number)
for certificate in auth.certificates.all(status="active"):
print(certificate.serial_number, certificate.name, certificate.valid_to)
  1. Check certificate and enrollment quotas.

  2. Fetch enrollment subject data.

  3. Generate a private key and CSR outside the SDK.

  4. Submit enrollment and persist the reference number.

  5. Poll status, retrieve the certificate, and store it with its private key.