repleo/bounca

Cannot sign Server Certificate; ROOT, sub-ROOT signing is ok!

Closed this issue · 5 comments

I tried more than 10 times: resetting the server, checking the env, checking the system requirements, etc.

I can generate CA and sub-CA certificates normally, but I get an error when I try to generate a Server Certificate and a Client Certificate.

BounCA files in dir:

/root/bounca-web/

I use this command to start the uwsgi server:

uwsgi --socket 0.0.0.0:9001 --master  --chdir /root/bounca-web/  --module wsgi

Nginx, psql and uwsgi work normally! The web client can log in and generate CA certificates only!

I get the error below!

DEBUG (0.000) SELECT "bounca_distinguished_name"."id", "bounca_distinguished_name"."countryName", "bounca_distinguished_name"."stateOrP
rovinceName", "bounca_distinguished_name"."localityName", "bounca_distinguished_name"."organizationName", "bounca_distinguished_name"."
organizationalUnitName", "bounca_distinguished_name"."emailAddress", "bounca_distinguished_name"."commonName", "bounca_distinguished_na
me"."subjectAltNames" FROM "bounca_distinguished_name" WHERE "bounca_distinguished_name"."id" = 8; args=(8,)
Create signed server certificate
Generating RSA private key, 2048 bit long modulus
...............................................................................+++
....+++
e is 65537 (0x10001)
Using configuration from ./openssl-server_cert-mcom.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 4098 (0x1002)
        Validity
            Not Before: Nov 28 15:01:11 2016 GMT
            Not After : Nov 27 15:01:11 2017 GMT
        Subject:
            countryName               = NL
            stateOrProvinceName       = Noord Holland
            localityName              = Amstelveen
            organizationName          = Repleo
            organizationalUnitName    = IT Department
            commonName                = *.m.com
            emailAddress              = ca@repleo.nl
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Cert Type: 
                SSL Server
            Netscape Comment: 
                BounCA.org by repleo.nl Generated Server Certificate
            X509v3 Subject Key Identifier: 
                DE:A2:B8:70:AB:9C:31:70:9A:22:FF:C5:CA:AF:E9:E9:37:4A:41:58
            X509v3 Authority Key Identifier: 
                keyid:DE:C1:54:D0:D9:92:07:1D:5D:68:17:FE:BA:15:C6:1F:A7:DF:8D:6B
                DirName:/C=NL/ST=Noord Holland/L=Amstelveen/O=Repleo/OU=IT Department/CN=GoldenTrusted Network CA - G2/emailAddress=ca@
repleo.nl
                serial:10:04

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:https://crl.daddytrust.com/gns3.crl

            Authority Information Access: 
                OCSP - URI:https://ocsp.daddytrust.com

Certificate is to be certified until Nov 27 15:01:11 2017 GMT (364 days)

Write out database with 1 new entries
Data Base Updated
Error reading password from BIO
Error getting passwords
ERROR Internal Server Error: /api/v1/certificates
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 149, in get_response
    response = self.process_exception_by_middleware(e, request)
  File "/usr/local/lib/python3.5/site-packages/django/core/handlers/base.py", line 147, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python3.5/site-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/django/views/generic/base.py", line 68, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/rest_framework/views.py", line 466, in dispatch
    response = self.handle_exception(exc)
  File "/usr/local/lib/python3.5/site-packages/rest_framework/views.py", line 463, in dispatch
    response = handler(request, *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/rest_framework/generics.py", line 246, in post
    return self.create(request, *args, **kwargs)
  File "./bounca/api/views.py", line 61, in create
    self, request, *args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/rest_framework/mixins.py", line 21, in create
    self.perform_create(serializer)
  File "./bounca/api/mixins.py", line 20, in perform_create
    serializer.save()
  File "/usr/local/lib/python3.5/site-packages/rest_framework/serializers.py", line 191, in save
    self.instance = self.create(validated_data)
  File "./bounca/api/serializers.py", line 133, in create
    certificate = Certificate.objects.create(dn=dn, **validated_data)
  File "/usr/local/lib/python3.5/site-packages/django/db/models/manager.py", line 122, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/usr/local/lib/python3.5/site-packages/django/db/models/query.py", line 401, in create
    obj.save(force_insert=True, using=self.db)
  File "/usr/local/lib/python3.5/site-packages/django/db/models/base.py", line 708, in save
    force_update=force_update, update_fields=update_fields)
  File "/usr/local/lib/python3.5/site-packages/django/db/models/base.py", line 745, in save_base
    update_fields=update_fields, raw=raw, using=using)
  File "/usr/local/lib/python3.5/site-packages/django/dispatch/dispatcher.py", line 192, in send
    response = receiver(signal=self, sender=sender, **named)
  File "./bounca/x509_pki/models.py", line 350, in generate_certificate
    generate_server_cert(instance)
  File "./bounca/certificate_engine/generator.py", line 50, in __call__
    root_path=root_path)
  File "./bounca/certificate_engine/generator.py", line 108, in __call__
    raise e
  File "./bounca/certificate_engine/generator.py", line 91, in __call__
    root_path=root_path)
  File "./bounca/certificate_engine/generator.py", line 498, in generate_server_cert
    certificate.dn.subj, ' '.join(certificate.dn.subjectAltNames)])
  File "/usr/local/lib/python3.5/subprocess.py", line 626, in check_output
    **kwargs).stdout
  File "/usr/local/lib/python3.5/subprocess.py", line 708, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['/root/bounca-web/pki//GoldenTrustedNetworkCA/GoldenTrustedG2/gns3/generate_signed_server_cert
_certificate.sh', 'mcom', '364', '/CN=*.m.com/O=Repleo/OU=IT Department/L=Amstelveen/ST=Noord Holland/emailAddress=ca@repleo.nl/C=NL', 
'']' returned non-zero exit status 1
DEBUG (0.001) SELECT "bounca_certificate"."id", "bounca_certificate"."type", "bounca_certificate"."shortname", "bounca_certificate"."na
me", "bounca_certificate"."dn_id", "bounca_certificate"."parent_id", "bounca_certificate"."crl_distribution_url", "bounca_certificate".
"ocsp_distribution_host", "bounca_certificate"."created_at", "bounca_certificate"."expires_at", "bounca_certificate"."revoked_at", "bou
nca_certificate"."revoked_uuid", "bounca_certificate"."owner_id" FROM "bounca_certificate" LIMIT 21; args=()
[pid: 3744|app: 0|req: 41/41] 49.221.62.106 () {50 vars in 1145 bytes} [Mon Nov 28 16:01:11 2016] POST /angular/reverse/?djng_url_name=
api%3Av1%3Acertificates => generated 181749 bytes in 634 msecs (HTTP/1.1 500) 3 headers in 106 bytes (1 switches on core 0)

I need your help!

I will look into it this week

Thanks! I am writing to email you; very happy to get your response here! Waiting for your reply. If you want more bug info, please let me know. Thanks!

Hi Bjarnoldus! Have you figured out this bug? @bjarnoldus

I am starting to work on it now, but don't expect fast results. I want to improve the application on several levels. Expect a fix within a couple of weeks.

A new version of bounca can be found on www.bounca.org, with the link to gitlab.