mathiasertl / django-ca

Django app providing a Certificate Authority

License: GNU General Public License v3.0

Shell 0.35% Python 97.54% CSS 0.24% HTML 0.73% JavaScript 0.98% Dockerfile 0.16%
acme acme-v2 certificate certificate-authority crl cryptography django ocsp ocsp-responder python

django-ca's People

Contributors

alfonsrv, amaccuish, amotl, astranox, dependabot[bot], jcmcken, lnattrass, mathiasertl, mbassett, rednixon, safplusplus, thinkwelltwd, zhangchunsheng

django-ca's Issues

OCSP/CRLs for CAs

Support OCSP services and CRLs for CAs (so clients can validate if the child-ca was revoked).

Occasional errors when adding cert with "Include CommonName" ticked

Hi. Great package!

When creating a new certificate in the admin site, if I set CommonName to something with spaces, such as "A B", and leave the box "Include CommonName" ticked in the SubjectAltName section, I get a parsing error (see below). While such a certificate may be awkward, it would still be best to catch the exception and avoid a server error.

Environment:


Request Method: POST
Request URL: http://127.0.0.1:8000/admin/django_ca/certificate/add/

Django Version: 3.1
Python Version: 3.7.3
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django_object_actions',
 'django_ca']
Installed Middleware:
['django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware']



Traceback (most recent call last):
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django_ca/profiles.py", line 310, in _update_san_from_cn
    cn = parse_general_name(subject['CN'])
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django_ca/utils.py", line 579, in parse_general_name
    idna.encode(name)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/idna/core.py", line 362, in encode
    s = alabel(label)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/idna/core.py", line 270, in alabel
    ulabel(label)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/idna/core.py", line 308, in ulabel
    check_label(label)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/idna/core.py", line 261, in check_label
    raise InvalidCodepoint('Codepoint {0} at position {1} of {2} not allowed'.format(_unot(cp_value), pos+1, repr(label)))

During handling of the above exception (Codepoint U+0020 at position 2 of 'a b' not allowed), another exception occurred:
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/core/handlers/base.py", line 179, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/contrib/admin/options.py", line 614, in wrapper
    return self.admin_site.admin_view(view)(*args, **kwargs)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/utils/decorators.py", line 130, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/contrib/admin/sites.py", line 233, in inner
    return view(request, *args, **kwargs)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django_ca/admin.py", line 483, in add_view
    return super(CertificateAdmin, self).add_view(request, form_url=form_url, extra_context=extra_context)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/contrib/admin/options.py", line 1653, in add_view
    return self.changeform_view(request, None, form_url, extra_context)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/utils/decorators.py", line 43, in _wrapper
    return bound_method(*args, **kwargs)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/utils/decorators.py", line 130, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/contrib/admin/options.py", line 1534, in changeform_view
    return self._changeform_view(request, object_id, form_url, extra_context)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django/contrib/admin/options.py", line 1580, in _changeform_view
    self.save_model(request, new_object, form, not add)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django_ca/admin.py", line 655, in save_model
    password=data['password'], extensions=extensions)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django_ca/profiles.py", line 227, in create_cert
    self._update_san_from_cn(cn_in_san, subject=cert_subject, extensions=cert_extensions)
  File "/var/local/cache/django_ca_test/python/lib/python3.7/site-packages/django_ca/profiles.py", line 312, in _update_san_from_cn
    raise ValueError('%s: Could not parse CommonName as subjectAlternativeName.' % subject['CN'])

Exception Type: ValueError at /admin/django_ca/certificate/add/
Exception Value: A B: Could not parse CommonName as subjectAlternativeName.

Issue certificate from the web

In the documentation, this is listed as a description of the web interface:

The web interface allows you to perform the most common tasks necessary when running a certificate authority. It is implemented using Django's admin interface. You can:

Issue and revoke certificates.
...

However, I do not see a way to create new certificates from the webUI. Has this functionality not been implemented yet or am I just using/reading this wrong?

TypeError: add_extension() got an unexpected keyword argument 'extension'

When creating a CA I get the following (XX denotes redactions). The CA appears to be successfully created in spite of this error.

Using Django 2.2.18 and django-ca 1.17.1

DJANGO_SETTINGS_MODULE=XX.settings.test_deployment ./manage.py init_ca --pathlen=2 --crl-url=http://ca.example.com/crl --ocsp-url=http://ocsp.ca.example.com --issuer-url=http://ca.example.com/ca.crt XX /C=XX/L=XX/O=XX/OU=XX/CN=ca.XX
Traceback (most recent call last):
  File "./manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/home/django/venv/lib/python3.8/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
    utility.execute()
  File "/home/django/venv/lib/python3.8/site-packages/django/core/management/__init__.py", line 375, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/home/django/venv/lib/python3.8/site-packages/django/core/management/base.py", line 323, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/home/django/venv/lib/python3.8/site-packages/django_ca/management/base.py", line 294, in execute
    super(BaseCommand, self).execute(*args, **options)
  File "/home/django/venv/lib/python3.8/site-packages/django/core/management/base.py", line 364, in execute
    output = self.handle(*args, **options)
  File "/home/django/venv/lib/python3.8/site-packages/django_ca/management/commands/init_ca.py", line 207, in handle
    run_task(generate_ocsp_key, serial=ca.serial, password=options['password'])
  File "/home/django/venv/lib/python3.8/site-packages/django_ca/tasks.py", line 64, in run_task
    return task(*args, **kwargs)
  File "/home/django/venv/lib/python3.8/site-packages/django_ca/tasks.py", line 88, in generate_ocsp_key
    private_path, cert_path, cert = ca.generate_ocsp_key(**kwargs)
  File "/home/django/venv/lib/python3.8/site-packages/django_ca/models.py", line 789, in generate_ocsp_key
    cert = Certificate.objects.create_cert(ca=self, csr=csr, profile=profile, subject=self.subject,
  File "/home/django/venv/lib/python3.8/site-packages/django_ca/managers.py", line 354, in create_cert
    cert = profile.create_cert(ca, csr, **kwargs)
  File "/home/django/venv/lib/python3.8/site-packages/django_ca/profiles.py", line 242, in create_cert
    builder = builder.add_extension(**extension.for_builder())
TypeError: add_extension() got an unexpected keyword argument 'extension'

The suggested way of making intermediate CA doesn't seem to work

The suggested way to do intermediate CA at #7 doesn't seem to work after a closer look into the intermediate CA certs.

Here is what I did:

[1] Generate root CA by:
init_ca --pathlen=2 my_root_ca ...

[2] List the serial # of my root ca

[3] Generate intermediate CA by:

init_ca --pathlen=1 --parent='74:99:4C:CD:E1:35:40:B3:8D:58:5E:68:10:60:E0:94' my_server_ca "/C=US/ST=MyState/L=MyCity/O=Org/CN=my_server_ca"

The generated intermediate CA has its "issuer" equal to itself (its own subject name) instead of the root CA. There might be a bug, or did I use it wrong?

Thanks for comments

Improve Django Admin Subject Input Form

Currently Django admin's subject input form is very limited when it comes to having multiple OIDs such as OUs and DCs. While limiting functionality the currently used widget also adds a lot of complexity to the overall codebase. (discussed in #75)

Some solutions off the top of my head would be:

  • Improve the form to support Formsets with e.g. Django Dynamic Formset – Pro: best solution -- Con: tedious to implement
  • Replace the currently used widget with a single CharField – Pro: easy to implement & most flexibility; and arguably most usable too, as it's mainly power users that use CAs in the first place -- Con: UX suffers
  • Give users the ability via a checkbox to simply adopt the CSR's subject, so no form input is required for more complex Subject names – Pro: nice-to-have feature, easy to implement -- Con: additional form complexity for the user and code-base

Validate dirNames

Currently dirNames aren't validated. This means that signing a cert with e.g. /CN=foo bar raises an exception, because if cn-in-san=True the CommonName is added as a DNSName SubjectAltName.
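An added example (not django-ca's own code) for this report and for "Occasional errors when adding cert" above: decide up front whether a CommonName can be copied into the SubjectAltName, and report a form-style error instead of raising. The function names are hypothetical, and the standard library's idna codec stands in for the idna package seen in the traceback.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def common_name_as_san(common_name):
    """Return ("IP" | "DNS", value) if the CN is usable as a SAN, else None."""
    try:
        return "IP", str(ipaddress.ip_address(common_name))
    except ValueError:
        pass  # not an IP address, try it as a DNS name

    wildcard = common_name.startswith("*.")
    name = common_name[2:] if wildcard else common_name
    try:
        # The stdlib codec passes ASCII through unchanged (spaces included),
        # so the label check below is what rejects "A B".
        ascii_name = name.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None
    if not ascii_name or len(ascii_name) > 253:
        return None
    if not all(LABEL_RE.match(label) for label in ascii_name.split(".")):
        return None
    return "DNS", ("*." if wildcard else "") + ascii_name


def validate_subject(common_name, cn_in_san):
    """Form-style validation: return (san_entries, errors) without raising."""
    if not cn_in_san:
        return [], []
    san = common_name_as_san(common_name)
    if san is None:
        message = (
            "%r cannot be used as a subjectAltName; untick "
            "'Include CommonName' or change the CommonName." % common_name
        )
        return [], [message]
    return [san], []


if __name__ == "__main__":
    # Constructed sample inputs, including the two values from the reports.
    for cn in ("A B", "foo bar", "example.com", "*.Example.com", "192.0.2.10"):
        print(repr(cn), "->", validate_subject(cn, cn_in_san=True))
```
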

Generate private keys and CSR

django_ca does not support generating CSRs.

It could be useful to generate private keys, CSR and sign to create new certificates from the admin interface, command line or, at least, a method to do it.

Certificates with no SAN result in 500

Traceback (most recent call last):
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 668, in get_form
    return modelform_factory(self.model, **defaults)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/forms/models.py", line 549, in modelform_factory
    return type(form)(class_name, (form,), form_class_attrs)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/forms/models.py", line 266, in __new__
    raise FieldError(message)
django.core.exceptions.FieldError: Unknown field(s) (subjectAltName) specified for Certificate

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/core/handlers/exception.py", line 35, in inner
    response = get_response(request)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/core/handlers/base.py", line 128, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/core/handlers/base.py", line 126, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 574, in wrapper
    return self.admin_site.admin_view(view)(*args, **kwargs)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/utils/decorators.py", line 142, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/sites.py", line 223, in inner
    return view(request, *args, **kwargs)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 1556, in change_view
    return self.changeform_view(request, object_id, form_url, extra_context)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/utils/decorators.py", line 62, in _wrapper
    return bound_func(*args, **kwargs)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/utils/decorators.py", line 142, in _wrapped_view
    response = view_func(request, *args, **kwargs)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/utils/decorators.py", line 58, in bound_func
    return func.__get__(self, type(self))(*args2, **kwargs2)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 1450, in changeform_view
    return self._changeform_view(request, object_id, form_url, extra_context)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 1479, in _changeform_view
    ModelForm = self.get_form(request, obj)
  File "/usr/local/share/ca/main/ca/django_ca/admin.py", line 317, in get_form
    return super(CertificateAdmin, self).get_form(request, obj=obj, **kwargs)
  File "/usr/local/share/ca/main/lib/python3.5/site-packages/django/contrib/admin/options.py", line 672, in get_form
    % (e, self.__class__.__name__)
django.core.exceptions.FieldError: Unknown field(s) (subjectAltName) specified for Certificate. Check fields/fieldsets/exclude attributes of class CertificateAdmin.

Apache Error 500

Hello, I cannot get the django-ca web interface working. I still have a 500 error with Apache under Ubuntu 18.04.

<VirtualHost *:80>

    ServerName ca.example.com

    Alias /static/ /opt/django-ca/ca/static/

    WSGIDaemonProcess django_ca processes=1 python-path=/opt/django-ca/ca:/opt/django-ca/ca/ca:/opt/django-ca/lib/python2.7/site-packages threads=5
    WSGIProcessGroup django_ca
    WSGIApplicationGroup %{GLOBAL}
    WSGIScriptAlias / /opt/django-ca/ca/ca/wsgi.py

    <Directory /opt/django-ca/ca>
            <Files wsgi.py>
                    Require all granted
            </Files>
    </Directory>

    <Directory /opt/django-ca/ca/static>
            Require all granted
    </Directory>

</VirtualHost>

WSGIDaemonProcess django_ca processes=1 python-path => /opt/django-ca/lib/python2.7/site-packages => not found, I have /opt/django-ca/lib/python3.6

Download bundled certs

I believe the certificate bundle file is in the wrong order. Currently it starts with the root certificate, then the intermediate certificate(s), and at the end of the file the certificate itself. As far as I know, and the way I am using certificates on my systems, the chain is required to start with the certificate, then the intermediate(s), and at the end the root certificate.

Invalid ASN.1 exception when adding otherName as SAN

Adding an otherName field to subjectAltName – e.g. otherName:2.5.4.3;UTF8:example.com – raises an Invalid ASN.1 data exception. I fiddled around a bit, trying different values and OIDs, but it always ends in the same exception.

Just did a fresh install yesterday from Git; but also doesn't work on my local machine with:

asn1crypto==1.4.0
cryptography==3.4.6

Sample command for copy-pasting: python manage.py sign_cert --alt "otherName:1.3.6.1.4.1.311.20.2.3;UTF8:[email protected]" --csr dummy.csr --out dummy.pub --enduser

Renew certificate

Wouldn't it make sense to have a renew certificate function which reuses the CSR, DN and all other parameters like subject alternative names etc.?

Unable to create first certificate

I did successfully create my Root CA and subordinate CA to sign keys. Creating a new test certificate from a CSR fails with the following error:

Environment:


Request Method: POST
Request URL: http://ca.example.com/admin/django_ca/certificate/add/

Django Version: 1.10.1
Python Version: 2.7.5
Installed Applications:
('django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.admin',
 'django_ca')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware')



Traceback:

File "/opt/django-ca/lib/python2.7/site-packages/django/core/handlers/exception.py" in inner
  39.             response = get_response(request)

File "/opt/django-ca/lib/python2.7/site-packages/django/core/handlers/base.py" in _legacy_get_response
  249.             response = self._get_response(request)

File "/opt/django-ca/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  187.                 response = self.process_exception_by_middleware(e, request)

File "/opt/django-ca/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
  185.                 response = wrapped_callback(request, *callback_args, **callback_kwargs)

File "/opt/django-ca/lib/python2.7/site-packages/django/contrib/admin/options.py" in wrapper
  544.                 return self.admin_site.admin_view(view)(*args, **kwargs)

File "/opt/django-ca/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapped_view
  149.                     response = view_func(request, *args, **kwargs)

File "/opt/django-ca/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  57.         response = view_func(request, *args, **kwargs)

File "/opt/django-ca/lib/python2.7/site-packages/django/contrib/admin/sites.py" in inner
  211.             return view(request, *args, **kwargs)

File "/opt/django-ca/lib/python2.7/site-packages/django/contrib/admin/options.py" in add_view
  1509.         return self.changeform_view(request, None, form_url, extra_context)

File "/opt/django-ca/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapper
  67.             return bound_func(*args, **kwargs)

File "/opt/django-ca/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapped_view
  149.                     response = view_func(request, *args, **kwargs)

File "/opt/django-ca/lib/python2.7/site-packages/django/utils/decorators.py" in bound_func
  63.                 return func.__get__(self, type(self))(*args2, **kwargs2)

File "/opt/django-ca/lib/python2.7/site-packages/django/utils/decorators.py" in inner
  185.                     return func(*args, **kwargs)

File "/opt/django-ca/lib/python2.7/site-packages/django/contrib/admin/options.py" in changeform_view
  1449.                 self.save_model(request, new_object, form, not add)

File "/opt/django-ca/ca/django_ca/admin.py" in save_model
  321.                 extendedKeyUsage=data['extendedKeyUsage'],

File "/opt/django-ca/ca/django_ca/managers.py" in init
  246.         cert.sign(ca.key, str(algorithm))  # str() to force py2 unicode to str

File "/opt/django-ca/lib/python2.7/site-packages/OpenSSL/crypto.py" in sign
  1069.         _openssl_assert(sign_result > 0)

File "/opt/django-ca/lib/python2.7/site-packages/OpenSSL/_util.py" in openssl_assert
  61.             exception_from_error_queue(error)

File "/opt/django-ca/lib/python2.7/site-packages/OpenSSL/_util.py" in exception_from_error_queue
  48.     raise exception_type(errors)

Exception Type: Error at /admin/django_ca/certificate/add/
Exception Value: [('rsa routines', 'RSA_setup_blinding', 'BN lib'), ('rsa routines', 'RSA_EAY_PRIVATE_ENCRYPT', 'internal error'), ('asn1 encoding routines', 'ASN1_item_sign_ctx', 'EVP lib')]

Do you know how I can fix this? I am running a standalone installation like described here: http://django-ca.readthedocs.io/en/latest/install.html#as-standalone-project

Thanks!

TemplateDoesNotExist error

Hi, when I want to add a new cert via the admin website, a TemplateDoesNotExist is raised.

django_ca: 1.17.2 (via pip)
django: 3.1.7
python: 3.9

To reproduce:

  1. Start a fresh Django project with django_ca as INSTALLED_APP, migrate, collectstatic, createsuperuser.
  2. Create a new CA via manage.py.
  3. Try to add certs via the admin webpage --> TemplateDoesNotExist

I notice that in my $VENV_DIR/lib/python3.9/site-packages/django_ca folder there is no templates folder.
After I manually copied it from GitHub, it worked.

CRL should (probably) not include the CRL distribution point URL

When creating a CA with a CRL URL, I find that OpenSSL fails to validate certificates signed by the CA. The reason seems to be that both certificates and the CRL include the CRL URL. If the CRL does not include that distribution point URL, validation succeeds.

Steps to reproduce:

  1. Create a "RootCA" with CRL: manage.py init_ca --crl-url=http://pki.domain/crl/RootCA.crl RootCA /CN=RootCA.
  2. In the admin site, download the CA as PEM format to "rootca.pem".
  3. In the admin site, create a certificate "Cert1" with some CSR and common name. Download the certificate as "Cert1.pem".
  4. Run manage.py dump_crl -f PEM --ca [ROOT_CA_SERIAL] RootCA_crl.pem.

Now, using all the files gathered before, let's try to validate the certificate:

  5. Run openssl verify -no-CAfile -no-CApath -crl_check_all -CRLfile RootCA_crl.pem -CAfile rootca.pem Cert1.pem

Result: Step 5 fails with error:

[RootCA subject]
error 44 at 1 depth lookup: Different CRL scope
error Cert1.pem: verification failed

I managed to make the validation work with the following:

  1. In the admin site, edit the CA to remove the CRL URL.
  2. Run manage.py dump_crl -f PEM --ca [ROOT_CA_SERIAL] RootCA_crl_wo_distribution_points.pem.
  3. Run openssl verify -no-CAfile -no-CApath -crl_check_all -CRLfile RootCA_crl_wo_distribution_points.pem -CAfile rootca.pem Cert1.pem

This gives:

Cert1.pem: OK

The certificates and CRL files can be examined with the following commands:

openssl x509 -noout -text -in Cert1.pem

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:20:70:95:23:ae:72:e0:74:df:e2:66:d4:3b:3d:46:d4:b9:4a:e7
        Signature Algorithm: sha512WithRSAEncryption
        Issuer: CN = RootCA
        Validity
            Not Before: Aug 21 20:08:00 2020 GMT
            Not After : Aug 21 00:00:00 2022 GMT
        Subject: CN = Cert1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:96:ca:64:94:ed:87:d0:91:22:9f:e6:8c:86:4f:
                    1d:c4:2f:2a:e0:30:6e:c8:80:08:23:0a:ab:4e:7f:
                    [...]
                    26:0b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Authority Key Identifier: 
                keyid:D7:C5:7F:D8:74:40:96:40:2C:E8:4C:BF:D4:C5:EF:44:64:1F:B9:BD

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://pki.domain/crl/RootCA_crl.pem

            X509v3 Subject Alternative Name: 
                DNS:Cert1
            X509v3 Subject Key Identifier: 
                B7:3A:C8:4D:3A:53:3B:9E:2C:90:20:FA:AC:10:F6:D5:7E:BC:E2:01
    Signature Algorithm: sha512WithRSAEncryption
         03:06:50:69:df:55:50:ff:03:7b:5b:d0:ed:d4:04:0d:91:6b:
         08:a7:39:22:c2:4e:62:9d:d1:a6:f4:a0:f7:9a:0d:c2:fc:be:
         [...]
         e2:e0:2f:e6:dd:bf:e3:79

openssl crl -text -in RootCA_crl.pem -noout

Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha512WithRSAEncryption
        Issuer: CN = RootCA
        Last Update: Aug 21 20:10:21 2020 GMT
        Next Update: Aug 22 20:10:21 2020 GMT
        CRL extensions:
            X509v3 Issuing Distribution Point: critical
                Full Name:
                  URI:http://pki.domain/crl/RootCA_crl.pem

            X509v3 Authority Key Identifier: 
                keyid:D7:C5:7F:D8:74:40:96:40:2C:E8:4C:BF:D4:C5:EF:44:64:1F:B9:BD

            X509v3 CRL Number: 
                1
No Revoked Certificates.
    Signature Algorithm: sha512WithRSAEncryption
         2f:ae:42:8c:ed:ad:49:5a:5a:f6:32:d4:d5:4e:3c:0a:82:ef:
         08:11:4c:82:13:c4:1e:2a:e4:46:c6:06:1f:99:85:f8:66:94:
         [...]
         9b:24:92:96:bf:a8:24:6a

openssl crl -text -in RootCA_crl_wo_distribution_points.pem -noout

Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha512WithRSAEncryption
        Issuer: CN = RootCA
        Last Update: Aug 21 21:06:04 2020 GMT
        Next Update: Aug 22 21:06:04 2020 GMT
        CRL extensions:
            X509v3 Authority Key Identifier: 
                keyid:D7:C5:7F:D8:74:40:96:40:2C:E8:4C:BF:D4:C5:EF:44:64:1F:B9:BD

            X509v3 CRL Number: 
                2
No Revoked Certificates.
    Signature Algorithm: sha512WithRSAEncryption
         6a:bc:94:29:19:e3:e9:e9:49:59:41:a4:1a:52:03:8e:34:24:
         68:d2:b7:6a:4b:f7:c0:a3:fe:34:c9:47:c9:76:21:6c:f3:53:
         [...]
         c6:c4:21:2c:4e:6b:91:2a

They show that the only difference between the two tests is that, in the first case, the CRL includes the "CRL distribution points" extension with a URL, while it does not in the second case. I don't know the details regarding CRLs, but I guess that the error exists so that the snake does not eat its tail, by preventing OpenSSL from checking the revocation status of the CRL itself, using... that same CRL.

When you look at CRLs from reputed CA, they don't include a CRL URL in their CRL files:
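An added example (not part of the report above and not django-ca code) that reads openssl -text dumps and lists which certificates in a chain fall outside a CRL's scope, using the name-matching rule of RFC 5280 section 6.3.3 for URI names only. The Cert1 and CRL dumps are abridged from the report; the RootCA dump is constructed and assumes the CA certificate has no CRL Distribution Points extension, since the report does not show it. Function names are hypothetical.

```python
import re

HEADER_RE = re.compile(r"^\s*X509v3 (.+?):(?: critical)?\s*$")
URI_RE = re.compile(r"^\s*URI:(\S+)\s*$")


def extension_uris(text, extension):
    """Return the URI names printed under one X509v3 extension header."""
    uris, inside = [], False
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            inside = header.group(1) == extension
        elif inside:
            uri = URI_RE.match(line)
            if uri:
                uris.append(uri.group(1))
    return uris


def crl_covers(cert_text, crl_text):
    """Return (in_scope, reason) for one certificate and one CRL.

    Simplified: compares URI names only and ignores reason codes,
    cRLIssuer and the onlyContains* flags.
    """
    idp = extension_uris(crl_text, "Issuing Distribution Point")
    cdp = extension_uris(cert_text, "CRL Distribution Points")
    if not idp:
        return True, "CRL names no distribution point, so it is not limited to one"
    if set(idp) & set(cdp):
        return True, "a CDP name in the certificate matches the CRL's IDP"
    if not cdp:
        return False, "CRL is limited to %s but the certificate has no CDP" % idp
    return False, "no CDP name in %s matches the CRL's IDP %s" % (cdp, idp)


def out_of_scope(chain, crl_text):
    """chain is a list of (label, cert_text); return labels the CRL does not cover."""
    return [label for label, cert in chain if not crl_covers(cert, crl_text)[0]]


# Abridged from the Cert1.pem dump in the report.
LEAF_TEXT = """\
        Issuer: CN = RootCA
        Subject: CN = Cert1
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://pki.domain/crl/RootCA_crl.pem

            X509v3 Subject Alternative Name:
                DNS:Cert1
"""

# Constructed: the report does not show rootca.pem; assumed to carry no CDP.
ROOT_TEXT = """\
        Issuer: CN = RootCA
        Subject: CN = RootCA
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
"""

# Abridged from the RootCA_crl.pem dump in the report.
CRL_WITH_IDP = """\
        Issuer: CN = RootCA
        CRL extensions:
            X509v3 Issuing Distribution Point: critical
                Full Name:
                  URI:http://pki.domain/crl/RootCA_crl.pem

            X509v3 CRL Number:
                1
"""

# Abridged from the RootCA_crl_wo_distribution_points.pem dump in the report.
CRL_WITHOUT_IDP = """\
        Issuer: CN = RootCA
        CRL extensions:
            X509v3 CRL Number:
                2
"""

CHAIN = [("depth 0: Cert1", LEAF_TEXT), ("depth 1: RootCA", ROOT_TEXT)]

if __name__ == "__main__":
    for name, crl in (("with IDP", CRL_WITH_IDP), ("without IDP", CRL_WITHOUT_IDP)):
        print(name, "-> out of scope:", out_of_scope(CHAIN, crl))
```

Under that assumption the check flags only the depth 1 certificate for the first CRL, the same depth at which the report's error 44 appears when -crl_check_all makes OpenSSL check every certificate in the chain.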

RFC - Supporting OpenSSH certificates

First of all, thanks for django-ca!! I'm finding this library most beneficial.

I would like to implement an OpenSSH CA service as well. One way to start might be to add support for CA certs with Ed25519 private keys. Once that's done, I could perhaps move to a PR generating CA-signed public keys.

I am willing to just add the functionality in my own project. However, I'd be open to doing it as a PR to merge into this library, if you're interested in that. Perhaps you're only interested in x509 certs. (And I'm not sure if my coding standards would meet your expectations!)

What are your thoughts?

Migrations fail when installing from pypi

It seems some additional migrations are left in the package downloaded from pypi.

I get the following error when applying migrations:

django.db.utils.OperationalError: table "django_ca_certificateauthority" already exists

Multiple OUs

I currently have a situation where I would like to have two OUs in the DN. This is allowed by the specs. Django-ca however only selects the last OU from the command line, dropping the other.

Can't run migrations

I think with the added CA_CUSTOM_APPS, an issue has been introduced and I can't run migrations.
The traceback I get is:

Traceback (most recent call last):
  File "ca/manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/local/share/ca/alex/lib/python3.6/site-packages/django/core/management/__init__.py", line 371, in execute_from_command_line
    utility.execute()
  File "/usr/local/share/ca/alex/lib/python3.6/site-packages/django/core/management/__init__.py", line 347, in execute
    django.setup()
  File "/usr/local/share/ca/alex/lib/python3.6/site-packages/django/__init__.py", line 24, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/usr/local/share/ca/alex/lib/python3.6/site-packages/django/apps/registry.py", line 89, in populate
    app_config = AppConfig.create(entry)
  File "/usr/local/share/ca/alex/lib/python3.6/site-packages/django/apps/config.py", line 90, in create
    module = import_module(entry)
  File "/usr/local/share/ca/alex/lib/python3.6/importlib/__init__.py", line 117, in import_module
    if name.startswith('.'):
AttributeError: 'list' object has no attribute 'startswith'

init_ca fails on Windows due to colons in key_path

When I run manage.py init_ca ..., it fails with the following error message. Using colons in a path is not allowed on Windows.

CommandError: [Errno 22] Invalid argument: 'C:\\Users\\sakurai\\Desktop\\test-ca\\files\\33:01:2C:1F:74:BC:7A:38:79:09:1D:CF:5B:B1:91:4A:30:83:E3:FF.key'

Workaround

Patch django_ca.utils.add_colons like this. It enables manage.py init_ca ... to pass without error, at least.

from django_ca import utils
utils.add_colons = lambda s: s

command sign_cert: can't compare offset-naive and offset-aware datetimes

This is a reopen of #14.

I'm getting the same error when running sign_cert, with or without specifying the --expires parameter. The fix mentioned for management/base.py fixes this issue.

python manage.py sign_cert --expires=365 --alt test.example.com
File "/home/user/.virtualenvs/sandbox/local/lib/python2.7/site-packages/django_ca/management/commands/sign_cert.py", line 118, in handle
  if ca.expires < options['expires']:
TypeError: can't compare offset-naive and offset-aware datetimes

Here are the values being compared. One is aware, the other is not:

ca.expires = 2027-10-13 00:00:00+00:00
options['expires'] = 2018-10-15 00:00:00
>>> from datetime import datetime, timedelta
>>> from django.utils import six, timezone
>>> value = 365

# original code produces timezone naive datetime
>>> now = datetime.utcnow().replace(hour=0, minute=0, second=0, microsecond=0)
>>> now + timedelta(days=value + 1)
datetime.datetime(2018, 10, 15, 0, 0)

# suggested fix produces timezone aware datetime
>>> now = datetime.now().replace(hour=0, minute=0, second=0, microsecond=0)
>>> timezone.make_aware(now + timedelta(days=value + 1), timezone.get_current_timezone())
datetime.datetime(2018, 10, 15, 0, 0, tzinfo=<UTC>)

celery: Object of type timedelta is not JSON serializable

django-ca 1.18.0 via pip

Command: python manage.py regenerate_ocsp_keys

With CA_USE_CELERY = False the command worked.

With CA_USE_CELERY = True this error is raised:

In Celery I use Redis as broker and result backend.

Traceback (most recent call last):
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/serialization.py", line 42, in _reraise_errors
    yield
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/serialization.py", line 213, in dumps
    payload = encoder(data)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/utils/json.py", line 68, in dumps
    return _dumps(s, cls=cls or _default_encoder,
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/simplejson/__init__.py", line 398, in dumps
    return cls(
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/simplejson/encoder.py", line 296, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/simplejson/encoder.py", line 378, in iterencode
    return _iterencode(o, 0)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/utils/json.py", line 58, in default
    return super().default(o)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/simplejson/encoder.py", line 272, in default
    raise TypeError('Object of type %s is not JSON serializable' %
TypeError: Object of type timedelta is not JSON serializable

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "manage.py", line 22, in <module>
    main()
  File "manage.py", line 18, in main
    execute_from_command_line(sys.argv)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/django/core/management/__init__.py", line 419, in execute_from_command_line
    utility.execute()
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/django/core/management/__init__.py", line 413, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/django/core/management/base.py", line 354, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/django/core/management/base.py", line 398, in execute
    output = self.handle(*args, **options)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/django_ca/management/commands/regenerate_ocsp_keys.py", line 107, in handle
    run_task(
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/django_ca/tasks.py", line 69, in run_task
    return task.delay(*args, **kwargs)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/celery/app/task.py", line 422, in delay
    return self.apply_async(args, kwargs)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/celery/app/task.py", line 572, in apply_async
    return app.send_task(
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/celery/app/base.py", line 767, in send_task
    amqp.send_task_message(P, name, message, **options)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/celery/app/amqp.py", line 510, in send_task_message
    ret = producer.publish(
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/messaging.py", line 166, in publish
    body, content_type, content_encoding = self._prepare(
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/messaging.py", line 254, in _prepare
    body) = dumps(body, serializer=serializer)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/serialization.py", line 213, in dumps
    payload = encoder(data)
  File "/usr/lib/python3.8/contextlib.py", line 131, in __exit__
    self.gen.throw(type, value, traceback)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/serialization.py", line 46, in _reraise_errors
    reraise(wrapper, wrapper(exc), sys.exc_info()[2])
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/exceptions.py", line 21, in reraise
    raise value.with_traceback(tb)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/serialization.py", line 42, in _reraise_errors
    yield
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/serialization.py", line 213, in dumps
    payload = encoder(data)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/utils/json.py", line 68, in dumps
    return _dumps(s, cls=cls or _default_encoder,
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/simplejson/__init__.py", line 398, in dumps
    return cls(
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/simplejson/encoder.py", line 296, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/simplejson/encoder.py", line 378, in iterencode
    return _iterencode(o, 0)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/kombu/utils/json.py", line 58, in default
    return super().default(o)
  File "/home/luser/.local/share/virtualenvs/ebitadmin_v2-2gCVKXqd/lib/python3.8/site-packages/simplejson/encoder.py", line 272, in default
    raise TypeError('Object of type %s is not JSON serializable' %
kombu.exceptions.EncodeError: Object of type timedelta is not JSON serializable

Wrong authority key identifier in CRL when using intermediate CAs

When creating intermediate CAs with a CRL, the CRL generated and signed by an intermediate authority gets an Authority Key Identifier corresponding to the CA that issued the intermediate CA. The CRL Issuer, however, designates the intermediate CA. According to RFC 5280, the key identifier should point to the intermediate CA that signed the CRL:

5.2.1. Authority Key Identifier

The authority key identifier extension provides a means of
identifying the public key corresponding to the private key used to
sign a CRL. The identification can be based on either the key
identifier (the subject key identifier in the CRL signer’s
certificate) or the issuer name and serial number. This extension is
especially useful where an issuer has more than one signing key,
either due to multiple concurrent key pairs or due to changeover.

I think the problem is at the line below in models.py (in def get_crl(...)), where self refers to an instance of the intermediate CA. Instead of adding to the CRL an extension referring to the subject of the CA in self, the extension added refers to the issuer of the CA. Therefore, the problem only occurs for the CRLs of intermediate CAs, as for the root CA, subject and issuer are the same.

aki = self.x509.extensions.get_extension_for_oid(ExtensionOID.AUTHORITY_KEY_IDENTIFIER)
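The mismatch described in the report above, reproduced with the `cryptography` library as an added example (not django-ca's code). The CA names and the helpers `make_ca`, `build_crl`, `aki_copied_from_certificate`, `aki_from_signer_ski` and `crl_aki_names` are hypothetical; all certificates are constructed at run time.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def make_ca(common_name, issuer=None):
    """Return (certificate, key) for a constructed CA.

    `issuer` is an optional (certificate, key) pair; without it the CA is self-signed.
    """
    key = ec.generate_private_key(ec.SECP256R1())
    issuer_cert, issuer_key = issuer if issuer else (None, key)
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(_name(common_name))
        .issuer_name(issuer_cert.subject if issuer_cert else _name(common_name))
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .add_extension(x509.SubjectKeyIdentifier.from_public_key(key.public_key()), critical=False)
        # The AKI of a certificate names the key of whoever issued that certificate.
        .add_extension(
            x509.AuthorityKeyIdentifier.from_issuer_public_key(issuer_key.public_key()),
            critical=False,
        )
        .sign(issuer_key, hashes.SHA256())
    )
    return cert, key


def aki_copied_from_certificate(ca_cert):
    """Reported behaviour: reuse the AKI extension of the signing CA's own certificate."""
    return ca_cert.extensions.get_extension_for_oid(ExtensionOID.AUTHORITY_KEY_IDENTIFIER).value


def aki_from_signer_ski(ca_cert):
    """RFC 5280 section 5.2.1: identify the key that actually signs the CRL."""
    ski = ca_cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
    return x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski)


def build_crl(ca_cert, ca_key, aki):
    """Build an empty CRL issued and signed by the given CA, carrying `aki`."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateRevocationListBuilder()
        .issuer_name(ca_cert.subject)
        .last_update(now)
        .next_update(now + datetime.timedelta(days=1))
        .add_extension(aki, critical=False)
        .sign(ca_key, hashes.SHA256())
    )


def crl_aki_names(crl, cert):
    """True when the CRL's AKI key identifier equals `cert`'s subject key identifier."""
    aki = crl.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier).value
    ski = cert.extensions.get_extension_for_class(x509.SubjectKeyIdentifier).value
    return aki.key_identifier == ski.digest


def demo():
    root = make_ca("Constructed Root CA")
    inter = make_ca("Constructed Intermediate CA", issuer=root)
    buggy = build_crl(inter[0], inter[1], aki_copied_from_certificate(inter[0]))
    fixed = build_crl(inter[0], inter[1], aki_from_signer_ski(inter[0]))
    root_crl = build_crl(root[0], root[1], aki_copied_from_certificate(root[0]))
    return {
        # Both CRLs verify under the intermediate's key; only the identifier differs.
        "buggy_signature_ok": buggy.is_signature_valid(inter[0].public_key()),
        "buggy_names_intermediate": crl_aki_names(buggy, inter[0]),
        "buggy_names_root": crl_aki_names(buggy, root[0]),
        "fixed_names_intermediate": crl_aki_names(fixed, inter[0]),
        # For a self-signed root the copied AKI is its own key, so the bug stays hidden.
        "root_crl_names_root": crl_aki_names(root_crl, root[0]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```

A client that selects the CRL signer by key identifier finds the root's key for the first CRL and fails signature verification, even though the CRL issuer name is the intermediate.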

command sign_cert: can't compare offset-naive and offset-aware datetimes

Errors in the files utils.py and management/base.py.

See patches below:

--- old/management/base.py	2017-02-07 13:24:52.705758985 +0100
+++ new/management/base.py	2017-02-07 13:31:55.385237289 +0100
@@ -26,7 +26,7 @@
 from django.core.management.base import OutputWrapper
 from django.core.management.color import no_style
 from django.core.validators import URLValidator
-from django.utils import six
+from django.utils import six, timezone
 
 from django_ca import ca_settings
 from django_ca.utils import is_power2
@@ -142,9 +142,8 @@
     def _get_delta(self, value):
         now = self.now
         if now is None:  # pragma: no cover
-            now = datetime.utcnow().replace(hour=0, minute=0, second=0, microsecond=0)
-
-        return now + timedelta(days=value + 1)
+            now = datetime.now().replace(hour=0, minute=0, second=0, microsecond=0)
+        return timezone.make_aware(now + timedelta(days=value + 1), timezone.get_current_timezone())
 
     def __call__(self, parser, namespace, value, option_string=None):
         if value < 0:
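Review bot: In `_get_delta`, `datetime.now()` returns the process's local wall-clock time and `make_aware(..., timezone.get_current_timezone())` then labels it with Django's active time zone, so the result is only right when the two zones agree, and the midnight cut-off silently moves from UTC to local time. A `self.now` supplied by a caller also goes through `make_aware`, which raises ValueError if that value is already aware. Suggest using `timezone.now().replace(hour=0, minute=0, second=0, microsecond=0)` for the default and calling `make_aware` only when `timezone.is_naive(now)`. The removed blank line before `return` is unrelated to the fix and could stay.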
--- old/utils.py	2017-02-07 13:36:03.628840802 +0100
+++ new/utils.py	2017-02-07 13:35:44.293417810 +0100
@@ -29,6 +29,7 @@
 from django.utils.encoding import force_text
 from django.utils.functional import Promise
 from django.utils.translation import ugettext_lazy as _
+from django.utils import timezone
 
 from OpenSSL import crypto
 
@@ -194,8 +195,9 @@
         When this certificate will expire.
     """
     if now is None:  # pragma: no cover
-        now = datetime.utcnow()
+        now = datetime.now()
     now = now.replace(second=0, microsecond=0)
+    now = timezone.make_aware(now, timezone.get_current_timezone())
 
     if expires < now:
         raise ValueError("Expires must not be negative.")
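Review bot: `timezone.make_aware(now, ...)` runs unconditionally, outside the `if now is None` branch, so a caller that passes an already aware `now` gets a ValueError, and a caller that still passes a naive `expires` hits the same naive/aware TypeError at `if expires < now`. Guard the conversion with `timezone.is_naive(now)`, normalise `expires` the same way, and prefer `timezone.now()` over `datetime.now()` for the default so the value does not depend on the server's local clock setting. The docstring above should state that `expires` and `now` are expected to be aware.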

Installation does not install static or template files

When I run an install either via pip or via a python setup.py install, the ca/django_ca/static and ca/django_ca/templates directories are missing, causing parts of the admin site to fail to render.

I believe the source of the issue is that your setup.py:setup function doesn't define a package_data for non-Python distributable files (docs here). The MANIFEST.in file only works for sdist (as documented here), hence only that command appears to work.

BTW, kudos, I like what you've done with this app!

Method to sign certificate on CA model

Add a method on the CertificateAuthority model to sign Certificates, something like:

CertificateAuthority.sign(Certificate,algorithm=sha512,expires=None,subject=None,profile=DEFAULT_PROFILE,.....)

Horizontal Privilege escalation - Download certificates without privs

Hi,
If you create staff users in Django, even if they don't have enough privileges to access the CAs, it's possible to download the CA certs in PEM format, for example through this URL:

  • /admin/django_ca/certificateauthority/1/download/?format=PEM

Steps to replicate

  1. Create a django project and add django-ca.
  2. Add django.admin and synchronize the database.
  3. Create the initial CA and superuser.
  4. Log in to the admin portal as admin.
  5. Create a user and set it as "staff".
  6. Log in with this user. It won't have enough privs to access anything by default. But...
  7. Open the following URL:
  • /admin/django_ca/certificateauthority/1/download/?format=PEM
    The Certificate of the CA will be downloaded.

docker compose up fails with errors reaching cache and db

I am following the docs for trying django-ca out with the included docker-compose.yml file and receiving errors (see below). I would really appreciate your help in resolving whatever issues I am running into.

Here are my OS details:
$ cat /etc/os-release
NAME="CentOS Linux"
VERSION="8 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Linux 8 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-8"
CENTOS_MANTISBT_PROJECT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="8"

$ sestatus
SELinux status: disabled

Here are my docker details:
$ docker --version
Docker version 19.03.8, build afacb8b
$ docker-compose --version
docker-compose version 1.25.0, build 0a186604

Here is the output that I get after cloning a fresh copy and running the commands:
$ DJANGO_CA_CA_DEFAULT_HOSTNAME=foo.bar.com POSTGRES_PASSWORD=password123 docker-compose up
Creating network "django-ca_cache" with the default driver
Creating network "django-ca_database" with the default driver
Creating network "django-ca_frontend" with the default driver
Creating network "django-ca_public" with the default driver
Creating volume "django-ca_shared" with default driver
Creating volume "django-ca_static" with default driver
Creating volume "django-ca_shared_ca_dir" with default driver
Creating volume "django-ca_ocsp_key_dir" with default driver
Creating volume "django-ca_nginx_config" with default driver
Pulling cache (redis:5-alpine)...
5-alpine: Pulling from library/redis
cbdbe7a5bc2a: Pull complete
dc0373118a0d: Pull complete
cfd369fe6256: Pull complete
3e45770272d9: Pull complete
558de8ea3153: Pull complete
a2c652551612: Pull complete
Digest: sha256:83a3af36d5e57f2901b4783c313720e5fa3ecf0424ba86ad9775e06a9a5e35d0
Status: Downloaded newer image for redis:5-alpine
Pulling db (postgres:12-alpine)...
12-alpine: Pulling from library/postgres
cbdbe7a5bc2a: Already exists
b52a8a2ca21a: Pull complete
e36a19831e31: Pull complete
f4dcdeed24b7: Pull complete
e261f2444b0a: Pull complete
0ff301de3ecf: Pull complete
1d858bf02c95: Pull complete
7958b7df2951: Pull complete
Digest: sha256:9ea72265275674225b1eaa2ae897dd244028af4ee7ef6e4e89fe474938e0992e
Status: Downloaded newer image for postgres:12-alpine
Pulling backend (mathiasertl/django-ca:latest)...
latest: Pulling from mathiasertl/django-ca
e6b0cf9c0882: Pull complete
da0e9bf0cc60: Pull complete
c9ea274ed700: Pull complete
9cfac6ba3733: Pull complete
f6a933c9cadc: Pull complete
daae7c0b60c6: Pull complete
9858e21a61d3: Pull complete
9e907b941929: Pull complete
3faef82179cb: Pull complete
b83c764ad0da: Pull complete
1f4a3b7e76d2: Pull complete
4d05ee040dba: Pull complete
03ee376c0e0b: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:6fe88dc00d39d16365e95e8fed085c14214e19964718ba2ca3508b8fedb5c8a7
Status: Downloaded newer image for mathiasertl/django-ca:latest
Pulling webserver (nginx:1.17-alpine)...
1.17-alpine: Pulling from library/nginx
cbdbe7a5bc2a: Already exists
c554c602ff32: Pull complete
Digest: sha256:763e7f0188e378fef0c761854552c70bbd817555dc4de029681a2e972e25e30e
Status: Downloaded newer image for nginx:1.17-alpine
Creating django-ca_cache_1 ... done
Creating django-ca_db_1 ... done
Creating django-ca_backend_1 ... done
Creating django-ca_frontend_1 ... done
Creating django-ca_webserver_1 ... done
Attaching to django-ca_cache_1, django-ca_db_1, django-ca_frontend_1, django-ca_backend_1, django-ca_webserver_1
cache_1 | 1:C 13 May 2020 22:29:26.365 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
cache_1 | 1:C 13 May 2020 22:29:26.365 # Redis version=5.0.9, bits=64, commit=00000000, modified=0, pid=1, just started
cache_1 | 1:C 13 May 2020 22:29:26.365 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
cache_1 | 1:M 13 May 2020 22:29:26.365 * Running mode=standalone, port=6379.
cache_1 | 1:M 13 May 2020 22:29:26.365 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
cache_1 | 1:M 13 May 2020 22:29:26.365 # Server initialized
cache_1 | 1:M 13 May 2020 22:29:26.365 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
cache_1 | 1:M 13 May 2020 22:29:26.365 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
cache_1 | 1:M 13 May 2020 22:29:26.365 * Ready to accept connections
backend_1 | Sleep for 1 seconds to wait for secret key...
db_1 | The files belonging to this database system will be owned by user "postgres".
db_1 | This user must also own the server process.
db_1 |
db_1 | The database cluster will be initialized with locale "en_US.utf8".
db_1 | The default database encoding has accordingly been set to "UTF8".
db_1 | The default text search configuration will be set to "english".
db_1 |
db_1 | Data page checksums are disabled.
db_1 |
db_1 | fixing permissions on existing directory /var/lib/postgresql/data ... ok
db_1 | creating subdirectories ... ok
db_1 | selecting dynamic shared memory implementation ... posix
db_1 | selecting default max_connections ... 100
db_1 | selecting default shared_buffers ... 128MB
db_1 | selecting default time zone ... UTC
db_1 | creating configuration files ... ok
db_1 | running bootstrap script ... ok
db_1 | performing post-bootstrap initialization ... sh: locale: not found
db_1 | 2020-05-13 22:29:26.797 UTC [30] WARNING: no usable system locales were found
db_1 | ok
db_1 | syncing data to disk ... ok
db_1 |
db_1 |
db_1 | Success. You can now start the database server using:
db_1 |
db_1 | pg_ctl -D /var/lib/postgresql/data -l logfile start
db_1 |
frontend_1 | Create secret key at /var/lib/django-ca/shared/secret-key...
frontend_1 | + python manage.py migrate --noinput
db_1 | initdb: warning: enabling "trust" authentication for local connections
db_1 | You can change this by editing pg_hba.conf or using the option -A, or
db_1 | --auth-local and --auth-host, the next time you run initdb.
db_1 | waiting for server to start....2020-05-13 22:29:27.181 UTC [35] LOG: starting PostgreSQL 12.2 on x86_64-pc-linux-musl, compiled by gcc (Alpine 9.2.0) 9.2.0, 64-bit
db_1 | 2020-05-13 22:29:27.183 UTC [35] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db_1 | 2020-05-13 22:29:27.199 UTC [36] LOG: database system was shut down at 2020-05-13 22:29:27 UTC
db_1 | 2020-05-13 22:29:27.201 UTC [35] LOG: database system is ready to accept connections
db_1 | done
db_1 | server started
db_1 |
db_1 | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
db_1 |
db_1 | waiting for server to shut down....2020-05-13 22:29:27.278 UTC [35] LOG: received fast shutdown request
db_1 | 2020-05-13 22:29:27.279 UTC [35] LOG: aborting any active transactions
db_1 | 2020-05-13 22:29:27.280 UTC [35] LOG: background worker "logical replication launcher" (PID 42) exited with exit code 1
db_1 | 2020-05-13 22:29:27.281 UTC [37] LOG: shutting down
db_1 | 2020-05-13 22:29:27.290 UTC [35] LOG: database system is shut down
db_1 | done
db_1 | server stopped
db_1 |
db_1 | PostgreSQL init process complete; ready for start up.
db_1 |
db_1 | 2020-05-13 22:29:27.384 UTC [1] LOG: starting PostgreSQL 12.2 on x86_64-pc-linux-musl, compiled by gcc (Alpine 9.2.0) 9.2.0, 64-bit
db_1 | 2020-05-13 22:29:27.384 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
db_1 | 2020-05-13 22:29:27.384 UTC [1] LOG: listening on IPv6 address "::", port 5432
db_1 | 2020-05-13 22:29:27.385 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
db_1 | 2020-05-13 22:29:27.394 UTC [44] LOG: database system was shut down at 2020-05-13 22:29:27 UTC
db_1 | 2020-05-13 22:29:27.396 UTC [1] LOG: database system is ready to accept connections
frontend_1 | /usr/src/django-ca/ca/ca/settings.py:186: UserWarning: localsettings.py is deprecated and will be removed in django-ca>=1.18.
frontend_1 | warnings.warn('localsettings.py is deprecated and will be removed in django-ca>=1.18.')
backend_1 | + exec celery worker -A ca -B -s /var/lib/django-ca/celerybeat-schedule -l warning
backend_1 | /usr/src/django-ca/ca/ca/settings.py:186: UserWarning: localsettings.py is deprecated and will be removed in django-ca>=1.18.
backend_1 | warnings.warn('localsettings.py is deprecated and will be removed in django-ca>=1.18.')
frontend_1 | Traceback (most recent call last):
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 197, in connect
frontend_1 | self.connection = self.get_new_connection(conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 185, in get_new_connection
frontend_1 | connection = Database.connect(**conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 126, in connect
frontend_1 | conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
frontend_1 | psycopg2.OperationalError: could not connect to server: Host is unreachable
frontend_1 | Is the server running on host "db" (172.31.0.2) and accepting
frontend_1 | TCP/IP connections on port 5432?
frontend_1 |
frontend_1 |
frontend_1 | The above exception was the direct cause of the following exception:
frontend_1 |
frontend_1 | Traceback (most recent call last):
frontend_1 | File "manage.py", line 10, in
frontend_1 | execute_from_command_line(sys.argv)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 401, in execute_from_command_line
frontend_1 | utility.execute()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 395, in execute
frontend_1 | self.fetch_command(subcommand).run_from_argv(self.argv)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 328, in run_from_argv
frontend_1 | self.execute(*args, **cmd_options)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 369, in execute
frontend_1 | output = self.handle(*args, **options)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 83, in wrapped
frontend_1 | res = handle_func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/commands/migrate.py", line 86, in handle
frontend_1 | executor = MigrationExecutor(connection, self.migration_progress_callback)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/executor.py", line 18, in init
frontend_1 | self.loader = MigrationLoader(self.connection)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 49, in init
frontend_1 | self.build_graph()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 212, in build_graph
frontend_1 | self.applied_migrations = recorder.applied_migrations()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 76, in applied_migrations
frontend_1 | if self.has_table():
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 56, in has_table
frontend_1 | return self.Migration._meta.db_table in self.connection.introspection.table_names(self.connection.cursor())
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 260, in cursor
frontend_1 | return self._cursor()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 236, in _cursor
frontend_1 | self.ensure_connection()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/utils.py", line 90, in exit
frontend_1 | raise dj_exc_value.with_traceback(traceback) from exc_value
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 197, in connect
frontend_1 | self.connection = self.get_new_connection(conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 185, in get_new_connection
frontend_1 | connection = Database.connect(**conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 126, in connect
frontend_1 | conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
frontend_1 | django.db.utils.OperationalError: could not connect to server: Host is unreachable
frontend_1 | Is the server running on host "db" (172.31.0.2) and accepting
frontend_1 | TCP/IP connections on port 5432?
frontend_1 |
backend_1 | [2020-05-13 22:29:30,351: ERROR/MainProcess] consumer: Cannot connect to redis://cache:6379/0: Error 113 connecting to cache:6379. Host is unreachable..
backend_1 | Trying again in 2.00 seconds...
backend_1 |
frontend_1 | /usr/src/django-ca/ca/ca/settings.py:186: UserWarning: localsettings.py is deprecated and will be removed in django-ca>=1.18.
frontend_1 | warnings.warn('localsettings.py is deprecated and will be removed in django-ca>=1.18.')
frontend_1 | Traceback (most recent call last):
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 197, in connect
frontend_1 | self.connection = self.get_new_connection(conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 185, in get_new_connection
frontend_1 | connection = Database.connect(**conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 126, in connect
frontend_1 | conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
frontend_1 | psycopg2.OperationalError: could not connect to server: Host is unreachable
frontend_1 | Is the server running on host "db" (172.31.0.2) and accepting
frontend_1 | TCP/IP connections on port 5432?
frontend_1 |
frontend_1 |
frontend_1 | The above exception was the direct cause of the following exception:
frontend_1 |
frontend_1 | Traceback (most recent call last):
frontend_1 | File "manage.py", line 10, in
frontend_1 | execute_from_command_line(sys.argv)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 401, in execute_from_command_line
frontend_1 | utility.execute()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/init.py", line 395, in execute
frontend_1 | self.fetch_command(subcommand).run_from_argv(self.argv)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 328, in run_from_argv
frontend_1 | self.execute(*args, **cmd_options)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 369, in execute
frontend_1 | output = self.handle(*args, **options)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 83, in wrapped
frontend_1 | res = handle_func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/commands/migrate.py", line 86, in handle
frontend_1 | executor = MigrationExecutor(connection, self.migration_progress_callback)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/executor.py", line 18, in init
frontend_1 | self.loader = MigrationLoader(self.connection)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 49, in init
frontend_1 | self.build_graph()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 212, in build_graph
frontend_1 | self.applied_migrations = recorder.applied_migrations()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 76, in applied_migrations
frontend_1 | if self.has_table():
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 56, in has_table
frontend_1 | return self.Migration._meta.db_table in self.connection.introspection.table_names(self.connection.cursor())
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 260, in cursor
frontend_1 | return self._cursor()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 236, in _cursor
frontend_1 | self.ensure_connection()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/utils.py", line 90, in exit
frontend_1 | raise dj_exc_value.with_traceback(traceback) from exc_value
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 197, in connect
frontend_1 | self.connection = self.get_new_connection(conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 185, in get_new_connection
frontend_1 | connection = Database.connect(**conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/psycopg2/init.py", line 126, in connect
frontend_1 | conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
frontend_1 | django.db.utils.OperationalError: could not connect to server: Host is unreachable
frontend_1 | Is the server running on host "db" (172.31.0.2) and accepting
frontend_1 | TCP/IP connections on port 5432?
frontend_1 |
django-ca_frontend_1 exited with code 1
backend_1 | [2020-05-13 22:29:33,358: ERROR/MainProcess] consumer: Cannot connect to redis://cache:6379/0: Error 113 connecting to cache:6379. Host is unreachable..
backend_1 | Trying again in 4.00 seconds...
backend_1 |
frontend_1 | /usr/src/django-ca/ca/ca/settings.py:186: UserWarning: localsettings.py is deprecated and will be removed in django-ca>=1.18.
frontend_1 | warnings.warn('localsettings.py is deprecated and will be removed in django-ca>=1.18.')
frontend_1 | Traceback (most recent call last):
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 197, in connect
frontend_1 | self.connection = self.get_new_connection(conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 185, in get_new_connection
frontend_1 | connection = Database.connect(**conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/psycopg2/__init__.py", line 126, in connect
frontend_1 | conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
frontend_1 | psycopg2.OperationalError: could not connect to server: Host is unreachable
frontend_1 | Is the server running on host "db" (172.31.0.2) and accepting
frontend_1 | TCP/IP connections on port 5432?
frontend_1 |
frontend_1 |
frontend_1 | The above exception was the direct cause of the following exception:
frontend_1 |
frontend_1 | Traceback (most recent call last):
frontend_1 | File "manage.py", line 10, in <module>
frontend_1 | execute_from_command_line(sys.argv)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 401, in execute_from_command_line
frontend_1 | utility.execute()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 395, in execute
frontend_1 | self.fetch_command(subcommand).run_from_argv(self.argv)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 328, in run_from_argv
frontend_1 | self.execute(*args, **cmd_options)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 369, in execute
frontend_1 | output = self.handle(*args, **options)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 83, in wrapped
frontend_1 | res = handle_func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/commands/migrate.py", line 86, in handle
frontend_1 | executor = MigrationExecutor(connection, self.migration_progress_callback)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/executor.py", line 18, in __init__
frontend_1 | self.loader = MigrationLoader(self.connection)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 49, in __init__
frontend_1 | self.build_graph()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 212, in build_graph
frontend_1 | self.applied_migrations = recorder.applied_migrations()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 76, in applied_migrations
frontend_1 | if self.has_table():
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 56, in has_table
frontend_1 | return self.Migration._meta.db_table in self.connection.introspection.table_names(self.connection.cursor())
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 260, in cursor
frontend_1 | return self._cursor()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 236, in _cursor
frontend_1 | self.ensure_connection()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/utils.py", line 90, in __exit__
frontend_1 | raise dj_exc_value.with_traceback(traceback) from exc_value
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 197, in connect
frontend_1 | self.connection = self.get_new_connection(conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 185, in get_new_connection
frontend_1 | connection = Database.connect(**conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/psycopg2/__init__.py", line 126, in connect
frontend_1 | conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
frontend_1 | django.db.utils.OperationalError: could not connect to server: Host is unreachable
frontend_1 | Is the server running on host "db" (172.31.0.2) and accepting
frontend_1 | TCP/IP connections on port 5432?
frontend_1 |
django-ca_frontend_1 exited with code 1
frontend_1 | /usr/src/django-ca/ca/ca/settings.py:186: UserWarning: localsettings.py is deprecated and will be removed in django-ca>=1.18.
frontend_1 | warnings.warn('localsettings.py is deprecated and will be removed in django-ca>=1.18.')
frontend_1 | Traceback (most recent call last):
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 197, in connect
frontend_1 | self.connection = self.get_new_connection(conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 185, in get_new_connection
frontend_1 | connection = Database.connect(**conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/psycopg2/__init__.py", line 126, in connect
frontend_1 | conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
frontend_1 | psycopg2.OperationalError: could not connect to server: Host is unreachable
frontend_1 | Is the server running on host "db" (172.31.0.2) and accepting
frontend_1 | TCP/IP connections on port 5432?
frontend_1 |
frontend_1 |
frontend_1 | The above exception was the direct cause of the following exception:
frontend_1 |
frontend_1 | Traceback (most recent call last):
frontend_1 | File "manage.py", line 10, in <module>
frontend_1 | execute_from_command_line(sys.argv)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 401, in execute_from_command_line
frontend_1 | utility.execute()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/__init__.py", line 395, in execute
frontend_1 | self.fetch_command(subcommand).run_from_argv(self.argv)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 328, in run_from_argv
frontend_1 | self.execute(*args, **cmd_options)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 369, in execute
frontend_1 | output = self.handle(*args, **options)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/base.py", line 83, in wrapped
frontend_1 | res = handle_func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/core/management/commands/migrate.py", line 86, in handle
frontend_1 | executor = MigrationExecutor(connection, self.migration_progress_callback)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/executor.py", line 18, in __init__
frontend_1 | self.loader = MigrationLoader(self.connection)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 49, in __init__
frontend_1 | self.build_graph()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/loader.py", line 212, in build_graph
frontend_1 | self.applied_migrations = recorder.applied_migrations()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 76, in applied_migrations
frontend_1 | if self.has_table():
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/migrations/recorder.py", line 56, in has_table
frontend_1 | return self.Migration._meta.db_table in self.connection.introspection.table_names(self.connection.cursor())
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 260, in cursor
frontend_1 | return self._cursor()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 236, in _cursor
frontend_1 | self.ensure_connection()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/utils.py", line 90, in __exit__
frontend_1 | raise dj_exc_value.with_traceback(traceback) from exc_value
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 220, in ensure_connection
frontend_1 | self.connect()
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/base/base.py", line 197, in connect
frontend_1 | self.connection = self.get_new_connection(conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/utils/asyncio.py", line 26, in inner
frontend_1 | return func(*args, **kwargs)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/django/db/backends/postgresql/base.py", line 185, in get_new_connection
frontend_1 | connection = Database.connect(**conn_params)
frontend_1 | File "/usr/local/lib/python3.8/site-packages/psycopg2/__init__.py", line 126, in connect
frontend_1 | conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
frontend_1 | django.db.utils.OperationalError: could not connect to server: Host is unreachable
frontend_1 | Is the server running on host "db" (172.31.0.2) and accepting
frontend_1 | TCP/IP connections on port 5432?
frontend_1 |
django-ca_frontend_1 exited with code 1
backend_1 | [2020-05-13 22:29:38,414: ERROR/MainProcess] consumer: Cannot connect to redis://cache:6379/0: Error 113 connecting to cache:6379. Host is unreachable..
backend_1 | Trying again in 6.00 seconds...
backend_1 |
^CGracefully stopping... (press Ctrl+C again to force)
Stopping django-ca_webserver_1 ... done
Stopping django-ca_backend_1 ... done
Stopping django-ca_frontend_1 ... done
Stopping django-ca_db_1 ... done
Stopping django-ca_cache_1 ... done

Thank you

Add certificate property to check if the certificate is valid or not

Hi,

There is no easy way to check whether a certificate is valid, based on its expiration date or on whether it has been revoked.

I suggest adding two properties:

"expired": like "revoked", but checking if the cert is expired or not
"valid": return true if not revoked or expired, or false if expired or revoked.

Password protecting private keys

Hi,

I tried to password-protect the private key for an intermediate CA by running:

manage.py init_ca --pathlen=1 --parent=74:99:4C:CD:E1:35:40:B3:8D:58:5E:68:10:60:E0:94 --password=lainie_int_ca-5 lainie_int_ca-5 "/C=US/ST=MyState/L=MyCity/O=Org/CN=lainie_int_ca-5"

And got this error:

CommandError: Last argument must be string or callable

It still created the Certificate Authority lainie_int_ca-5, but the private key file under standalone/ca/files was empty with file size 0.

Thanks for your help!

Allow hooking

I'd love somewhere where I could specify a script to run or an http endpoint to ping when a certificate is issued. My particular case is that I'd like certificates to be uploaded to our LDAP directory when they're issued.

Unknown OID causes a 500 error.

When viewing imported certificates that were created with easy-rsa a 500 error is returned.

Unknown extension encountered: Unknown OID (2.16.840.1.113730.1.13)

This will probably also be the case with imported certificates created with xca's default settings since it pre-fills a Netscape Comment and provides an option to set a Netscape Cert Type.

Missing migration on pip

If you install django-ca using pip and then use it in a Django project, calling makemigrations creates a new migration in the django-ca Python library (if root, otherwise an error appears).

This is the migration:

# -*- coding: utf-8 -*-
# Generated by Django 1.11.7 on 2017-11-10 11:47
from __future__ import unicode_literals

from django.db import migrations, models
import django.db.models.deletion


class Migration(migrations.Migration):

    dependencies = [
        ('django_ca', '0006_auto_20170505_1251'),
    ]

    operations = [
        migrations.AlterField(
            model_name='certificateauthority',
            name='parent',
            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='children', to='django_ca.CertificateAuthority'),
        ),
    ]

Enable user to download bundled certs

At the moment it's not possible to download a bundled cert, which holds me back from using django-ca flawlessly out of the box.

I think it should be possible to download a concatenated cert from the cert list admin, including the cert, the root CA and all intermediates.

I may have time in the next few days to implement this as a PR.

Any additional thoughts?

ModuleNotFoundError: No module named 'django_ca.acme'

Dear Mathias,

first things first: Thanks a stack for conceiving and maintaining this excellent Python package.

We just gave the most recent version django-ca-1.17.0 a spin and found that when invoking python manage.py migrate after having installed vanilla django-ca, it croaks like:

  File "/path/to/django_ca/models.py", line 60, in <module>
    from .acme.constants import BASE64_URL_ALPHABET
ModuleNotFoundError: No module named 'django_ca.acme'

Indeed, when looking inside the sdist package [1], you can verify the acme folder is missing.

With kind regards,
Andreas.

[1] https://files.pythonhosted.org/packages/5c/11/46f200ee04e19f28ba32ebb4f3856503f1742d984c991ee5f13bb981456c/django-ca-1.17.0.tar.gz
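
A pre-upload check for the packaging failure reported above, as an added example that is not part of the original issue or of django-ca: it scans an sdist for relative imports whose target module or package is not in the archive. The archive contents and the `example_pkg` name are constructed, and `build_sdist` and `missing_relative_imports` are hypothetical helper names.

```python
import ast
import io
import posixpath
import tarfile


def build_sdist(files):
    """Build an in-memory .tar.gz from {path: source}; used for the constructed samples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def missing_relative_imports(sdist_bytes):
    """Return sorted (importing_file, missing_target) pairs for relative imports
    whose target module or package is absent from the archive."""
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:*") as tar:
        files = {m.name: tar.extractfile(m).read() for m in tar.getmembers() if m.isfile()}

    def exists(base):
        return base + ".py" in files or base + "/__init__.py" in files

    missing = set()
    for name, source in files.items():
        if not name.endswith(".py"):
            continue
        try:
            tree = ast.parse(source, filename=name)
        except (SyntaxError, ValueError):
            continue  # unparsable file: nothing to resolve statically
        for node in ast.walk(tree):
            # "from . import x" (module is None) is skipped: x may be a name
            # defined in __init__.py rather than a submodule.
            if not isinstance(node, ast.ImportFrom) or node.level == 0 or not node.module:
                continue
            base = posixpath.dirname(name)      # level 1 = the importing file's package
            for _ in range(node.level - 1):     # each extra dot = one directory up
                base = posixpath.dirname(base)
            target = posixpath.join(base, *node.module.split("."))
            if not exists(target):
                missing.add((name, target))
    return sorted(missing)


# Constructed sample archives: the import line mirrors the traceback in the issue,
# the project name and layout are placeholders.
PKG = "example-pkg-0.0.0/example_pkg/"
MODELS = "from .acme.constants import BASE64_URL_ALPHABET\nfrom . import utils\n"
BROKEN = build_sdist({PKG + "__init__.py": "", PKG + "models.py": MODELS, PKG + "utils.py": ""})
FIXED = build_sdist({
    PKG + "__init__.py": "", PKG + "models.py": MODELS, PKG + "utils.py": "",
    PKG + "acme/__init__.py": "", PKG + "acme/constants.py": "BASE64_URL_ALPHABET = ''\n",
})

if __name__ == "__main__":
    for path, target in missing_relative_imports(BROKEN):
        print(f"{path}: relative import target missing from sdist: {target}")
    assert missing_relative_imports(FIXED) == []
```

Run against the built archive in CI before publishing, a non-empty result means the release would fail at import time on a clean install.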
