5.2.4. xgt.PKIAuth

class xgt.PKIAuth(ssl_root_dir: str | None = None, ssl_server_cert: str | None = None, ssl_client_cert: str | None = None, ssl_client_key: str | None = None)

PKI-based authentication. Will derive user ID from information in the required x509 client certificate. Automatically enables mutual TLS for connecting to the server.

Added in version 1.15.0.

Parameters:

  • ssl_root_dir (str | None) – Path to the root folder for ssl certificates and private keys. Defaults to the user’s home directory.

  • ssl_server_cert (str | None) – File containing the certificate chain that validates the server’s certificate. Defaults to ssl_root_dir + ‘/certs/ca-chain.cert.pem’.

  • ssl_client_cert (str | None) – File containing the client’s certificate. Defaults to ssl_root_dir + ‘/certs/client.cert.pem’

  • ssl_client_key (str | None) –

    File containing the client’s key. Defaults to ssl_root_dir + ‘/private/client.key.pem’

    Added in version 1.16.0.

Attributes

ssl_client_cert

The location of the file with the client's certificate.

ssl_client_key

The location of the file with the client's key.

ssl_root_dir

The SSL certificate directory.

ssl_server_cert

The location of the file with the certificate chain validating the server certificate.
property ssl_client_cert: str

The location of the file with the client’s certificate.

property ssl_client_key: str

The location of the file with the client’s key.

property ssl_root_dir: str

The SSL certificate directory.

property ssl_server_cert: str

The location of the file with the certificate chain validating the server certificate.