bjarnoldus
commented
6 years ago Yes, the python code calls/generates the shell scripts. You can use the shell scripts 'unmanaged', passwords of the keys are also not stored in the database, and openssl is called everytime to see if you have access to the keys. What probably happens is that openssl fails. This is indeed open work what needs to be improved. What you can do: try to create the keys from commandline and set script debugging on. I had once: https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean Maybe it just works if you remove the .rnd
Hi,
First, thank you for taking the effort to create BounCA, I have been searching for a tool like this for a while and it seems ideal for my purpose.
I managed to create root-ca, intermediate-ca and a server certificate. Downloading root and intermediate certs worked just fine, but the server cert resulted in 404 file not found. I generated several server certs and a user cert, all with the same problem.
I expected the logs to show a failure somewhere, but could not find any exceptions or tracebacks. Taking a look at the code, I noticed that the make_certificate_zip_response class method in bounca/api/views.py zips together a lot of files including a p12-file, but no such files exists on my system. I'm not sure if this is a bug in the code or my setup not generating the correct files but I was able to fix the problem by commenting out the 3 lines in the function referencing the p12-file.
I'm assuming the Zipfile function creates a FileNotFoundError which is processed in the calling get() so ultimately it chooses to return a 404 since one of the files is missing.