Skip to main content

Python interface to the Sectigo Certificate Manager REST API

Project description


This library provides a Python interface to the Sectigo Certificate Manager REST API. python-cert_manager is open sourced under the BSD 3-Clause license.

CircleCI codecov


cert_manager still runs on Python 2.7, and Python >= 3.4


There are many API endpoints under Certificate Manager, and this library currently supports a subset of those endpoints. The current list of written and tested endpoint classes includes:

  • Organization (/organization)
  • Person (/person)
  • SSL (/ssl)

Other endpoints we hope to add in the near future:

  • Client Administrator (/admin)
  • Code Signing Certificates (/csod)
  • Custom Fields (/customField)
  • Domain Control Validation (/dcv)
  • Device Certificates (/device)
  • Discovery (/discovery)
  • Domain (/domain)
  • SMIME (/smime)


You can use pip to install cert_manager:

pipenv install cert_manager


This is a simple example that just shows initializing the Client object and using it to query the Organization and SSL endpoints:

from cert_manager import Organization
from cert_manager import Client
from cert_manager import SSL

client = Client(

org = Organization(client=client)
ssl = SSL(client=client)


The most common process you would do, however, is enroll and then collect a certificate you want to order from the Certificate Manager:

from time import sleep

from cert_manager import Organization
from cert_manager import Client
from cert_manager import SSL

client = Client(

# We need to enroll the certificate under an organization, so we will need to query the API for that
org = Organization(client=client)
# We need the SSL module to enroll the certificate
ssl = SSL(client=client)

cert_org = org.find(dept_name="MyDept")

result = ssl.enroll(cert_type_name="InCommon SSL (SHA-2)", csr="host.csr", term=365, org_id=cert_org[0]["id"])

# This is just for demonstration purposes.
# Doing a wait loop like this to poll for the certificate is not the best way to go about this.
    # Collect the certificate from Sectigo
        cert_pem = ssl.collect(cert_id=result["sslId"], cert_format="x509CO")
    except Pending:
        print("Certificate is still pending...sleeping for 60s")
    except Exception:
        # For some unexpected exception, exit


Pull requests to add functionality and fix bugs are always welcome. Please check the for specifics on contributions.


We try to have a high level of test coverage on the code. Therefore, when adding anything to the repo, tests should be written to test a new feature or to test a bug fix so that there won't be a regression. This library is setup to be pretty simple to build a working development environment using Docker. Therefore, it is suggested that you have Docker installed where you clone this repository to make development easier.

To start a development environment, you should be able to just run the script. This script will use the Dockerfile in this repository to build a Docker container with all the dependencies for development installed using Pipenv.


The first time you run the script, it should build the Docker image and then drop you into the container's shell. The directory where you cloned this repository should be volume mounted in to /usr/src, which should also be the current working directory. From there, you can make changes as you see fit. Tests can be run from the /usr/src directory by simply typing green as green has been setup to with the correct parameters.


Releases to the codebase are typically done using the bump2version tool. This tool takes care of updating the version in all necessary files, updating its own configuration, and making a GitHub commit and tag. We typically do version bumps as part of a PR, so you don't want to have bump2version tag the version at the same time it does the commit as commit hashes may change. Therefore, to bump the version a patch level, one would run the command:

bump2version --verbose --no-tag patch

Once the PR is merged, you can then checkout the new master branch and tag it using the new version number that is now in .bumpversion.cfg:

git checkout master
git pull --rebase
git tag 1.0.0 -m 'Bump version: 0.1.0 → 1.0.0'
git push --tags

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for cert-manager, version 1.0.0
Filename, size File type Python version Upload date Hashes
Filename, size cert_manager-1.0.0-py3-none-any.whl (31.1 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size cert_manager-1.0.0.tar.gz (44.0 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page