I want to authenticate to Box Developer Edition using box-python-sdk, this way:

auth = JWTAuth(
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET',
    enterprise_id='YOUR_ENTERPRISE_ID',
    rsa_private_key_file_sys_path='CERT.PEM',
    store_tokens=your_store_tokens_callback_method,
)

(1) I have created a private and public key using the App Auth instructions, and decrypted the private key. How do I get the CERT.PEM?

(2) What is the your_store_tokens_callback_method supposed to do?

cert.pem should be a path to a file that is your private key.

your_store_tokens_callback_method should be a lambda that runs and persists the tokens you get back from Box so you can make additional authenticated calls.

Check out https://github.com/box/box-python-sdk/blob/1b2d19662e904a2cc850dab2c66ee122c3b3e20e/README.rst#get-the-authorization-url for an example of store_tokens. It also seems that given the docs this parameter is optional.

def store_tokens(access_token, refresh_token):
    # store the tokens at secure storage (e.g. Keychain)