Skip to main content

No project description provided

Project description

Build Status

CERN Requests

Enables using requests without having to configure the CERN Root certificates.

Inspired by certifi, requests-kerberos and cern-sso-python

The Root certificate bundle is copied from the linuxsoft cern page and can also be created manually by downloading the CERN Grid Certification Authority files from


Requires Python 2.7 or Python 3.4+

pip install cernrequests


Request a Grid User Certificate and convert into public and private key:

mkdir -p ~/private
openssl pkcs12 -clcerts -nokeys -in myCertificate.p12 -out ~/private/usercert.pem
openssl pkcs12 -nocerts -in myCertificate.p12 -out ~/private/userkey.tmp.pem
openssl rsa -in ~/private/userkey.tmp.pem -out ~/private/userkey.pem

The certificates have to be passwordless.



import cernrequests

url = "https://<your-cern-website>"
response = cernrequests.get(url)

Cookies Example

If you want to access a website which requires CERN Single Sign-on cookies you can do the following:

import cernrequests

url = "https://<your-cern-website>"
cookies = cernrequests.get_sso_cookies(url)
response = cernrequests.get(url, cookies=cookies)

Alternative usage

If you want to use requests directly without the CERN wrapper you can get the exact same functionality by doing:

import requests
from cernrequests import certs

url = "https://<your-cern-website>"
cert = certs.default_user_certificate_paths()
ca_bundle = certs.where()

response = requests.get(url, cert=cert, verify=ca_bundle)


The default user certificate paths are first ~\private\ and ~\.globus\ for fallback. The default public key file name is usercert.pem and the default private key file name is userkey.pem

You can configure the default grid user certificate path by setting the CERN_CERTIFICATE_PATH environment variable.

For example:

export CERN_CERTIFICATE_PATH=${HOME}/my_custom_folder

This will still assume that your filenames are usercert.pem and userkey.pem Write this line in your .bashrc to make the configuration persistent.

Alternatively you can also specify the paths directly in your code:

import cernrequests

url = "https://<your-cern-website>"
cert = "my/custom/path/cert.pem"    # Public key path
key = "my/custom/path/key.pem"      # Private key path

cernrequests.get(url, cert=(cert,key))

This way you can even use custom names such as cert.pem and key.pem


python -m venv venv
source venv/bin/activate
pip install -r testing-requirements.txt


I'm getting certificate verify failed! What should I do?

The cernrequests/cern-cacerts.pem file has expired, and will need to be updated by the library maintainer. Download all the CA files from here and convert them to .pem files, one-by-one by running:

 openssl x509 -in <CERN certification authority file.crt> -out temp.pem -outform PEM

Then, merge the contents of each .pem file into a single cern-cacerts.pem file and replace the existing one. Verify that the certs work by running pytest.


Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cernrequests-0.3.3.tar.gz (19.1 kB view hashes)

Uploaded Source

Built Distribution

cernrequests-0.3.3-py3-none-any.whl (18.1 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page