Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/TI-Sin-Problemas/erpnext_mexico_compliance/llms.txt

Use this file to discover all available pages before exploring further.

Digital Signing Certificate stores the SAT-issued Certificado de Sello Digital (CSD) for each company. Each record holds the .cer certificate file, the .key private key file, and the password needed to cryptographically sign CFDI documents. The satcfdi library’s Signer class is loaded from these three inputs at signing time.
The certificate, key, and password are all marked no_copy, so duplicating a Digital Signing Certificate record will not transfer the files or password to the copy. You must re-upload the files on each new record.

Auto-naming

Records are named using the expression format:{company}-{##}, which produces sequential identifiers such as ACME SA de CV-001, ACME SA de CV-002, and so on. This makes it straightforward to maintain multiple certificates per company (e.g., during a certificate rotation).

Fields reference

company
Link → Company
required
The ERPNext Company for which this Digital Signing Certificate will be used to sign CFDIs. Each company can have multiple certificate records, but only the record assigned in CFDI Stamping Settings → Default Digital Signing Certificates is used for automatic stamping.
certificate
Attach
The .cer binary certificate file issued by the SAT. Upload the file directly from the SAT portal (Certificados → Descarga). This file is not copied when duplicating the record.
key
Attach
The .key private key file issued by the SAT alongside the .cer certificate. This file is not copied when duplicating the record.
password
Password
The password used to decrypt the .key private key file. Stored encrypted via Frappe’s password field mechanism. This field is not copied when duplicating the record. The decrypted value is retrieved at signing time via get_password("password").

Triad validation

The certificate is considered complete only when all three of certificate, key, and password are set (triad_is_complete). When the triad is complete, the validate hook attempts to build a Signer object; if the files or password are invalid (e.g., mismatched certificate/key pair), a frappe.ValidationError is raised and the record cannot be saved. You can also trigger validation on demand from the form using the Validate Certificate button, which calls the validate_certificate() whitelisted method and displays a green confirmation showing the legal name, RFC, and branch name extracted from the certificate.
Use Validate Certificate after uploading new files to confirm the triad is correct before assigning the record as a Default CSD.

Python methods

The following methods are available on a DigitalSigningCertificate document instance. They are used internally by the stamping pipeline.

get_issuer() → Emisor

Builds a satcfdi.create.cfd.cfdi40.Emisor object from the certificate data and the company’s configured tax regime. The rfc and legal_name are extracted directly from the certificate via the signer property. The regimen_fiscal is read from the linked Company’s mx_tax_regime field.
csd = frappe.get_doc("Digital Signing Certificate", "ACME SA de CV-001")
emisor = csd.get_issuer()
# emisor.rfc, emisor.nombre, emisor.regimen_fiscal are populated
Raises a frappe.ValidationError with a link to the Company record if mx_tax_regime is not set on the company. Returns: satcfdi.create.cfd.cfdi40.Emisor

get_key_b64() → str

Reads the .key file from Frappe’s file storage and returns its contents encoded as a Base64 string. Used when the raw Base64-encoded key is needed for external API calls.
csd = frappe.get_doc("Digital Signing Certificate", "ACME SA de CV-001")
key_b64: str = csd.get_key_b64()
Returns: str — Base64-encoded content of the .key file.

get_certificate_b64() → str

Reads the .cer file from Frappe’s file storage and returns its contents encoded as a Base64 string. Used when the raw Base64-encoded certificate is needed for external API calls.
csd = frappe.get_doc("Digital Signing Certificate", "ACME SA de CV-001")
cert_b64: str = csd.get_certificate_b64()
Returns: str — Base64-encoded content of the .cer file.

signer (property) → Signer | None

Loads and returns a satcfdi.models.Signer object initialised with the certificate bytes, key bytes, and decrypted password. Returns None if the triad is not complete (any of certificate, key, or password is missing). Raises frappe.ValidationError with the title "Invalid Signing Certificate" if the files exist but the Signer cannot be constructed (e.g., wrong password, corrupted file).
csd = frappe.get_doc("Digital Signing Certificate", "ACME SA de CV-001")
voucher.sign(csd.signer)
Returns: satcfdi.models.Signer | None

validate_certificate() (whitelisted)

Validates the digital signing certificate interactively. If signer is not None, displays a green frappe.msgprint dialog listing the branch name, legal name, and RFC extracted from the certificate. No return value; intended for use from the Frappe form UI.
# Triggered via the form button or frappe.call
csd = frappe.get_doc("Digital Signing Certificate", "ACME SA de CV-001")
csd.validate_certificate()

Additional read-only properties

PropertyTypeDescription
legal_namestr | NoneLegal name encoded in the certificate (signer.legal_name). None if triad is incomplete.
rfcstr | NoneRFC encoded in the certificate (signer.rfc). None if triad is incomplete.
branch_namestr | NoneBranch name encoded in the certificate (signer.branch_name). None if triad is incomplete.
triad_is_completeboolTrue when all three of certificate, key, and password are set.

Permissions

RoleReadWriteCreateDelete
System Manager
Accounts Manager
Accounts User
Accounts Users can view existing certificate records (for linking purposes) but cannot create, modify, or delete them.

Build docs developers (and LLMs) love