{"id":18451504,"url":"https://github.com/trasherdk/boundca","last_synced_at":"2026-03-13T20:08:11.612Z","repository":{"id":56714009,"uuid":"523945992","full_name":"trasherdk/boundca","owner":"trasherdk","description":"Create a PKI, sign and revoke server and client X.509 v3 SSL certificates. Setting up a trusted encrypted communication network was never so easy with BounCA. BounCA is a Python Django based webapplication, with a Vuetify frontend.","archived":false,"fork":false,"pushed_at":"2023-02-15T19:17:23.000Z","size":46677,"stargazers_count":3,"open_issues_count":3,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-11-06T07:38:06.935Z","etag":null,"topics":["certificate","pki","ssl"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trasherdk.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-08-12T03:42:59.000Z","updated_at":"2024-10-10T21:48:48.000Z","dependencies_parsed_at":"2024-11-06T07:40:44.085Z","dependency_job_id":null,"html_url":"https://github.com/trasherdk/boundca","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trasherdk%2Fboundca","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trasherdk%2Fboundca/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trasherdk%2Fboundca/releases","manifests_url":"https://repos.ecosyst
e.ms/api/v1/hosts/GitHub/repositories/trasherdk%2Fboundca/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trasherdk","download_url":"https://codeload.github.com/trasherdk/boundca/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231175934,"owners_count":18339112,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate","pki","ssl"],"created_at":"2024-11-06T07:28:52.159Z","updated_at":"2026-03-13T20:08:06.592Z","avatar_url":"https://github.com/trasherdk.png","language":"Python","funding_links":["https://www.paypal.com/donate/?hosted_button_id=5C4W8F7XYQDZ4","https://www.paypal.com/donate/?hosted_button_id=5C4W8F7XYQDZ4)!"],"categories":[],"sub_categories":[],"readme":"\u003ca href=\"https://bounca.org/\"\u003e\n    \u003cimg src=\"https://www.bounca.org/_images/BounCA-logo.png\" alt=\"BounCA logo\" title=\"BounCA\" align=\"left\" height=\"60\" /\u003e\n\u003c/a\u003e\n\n\u003ca href=\"https://www.paypal.com/donate/?hosted_button_id=5C4W8F7XYQDZ4\"\u003e\n    \u003cimg src=\"https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif\" alt=\"Donate Button\" title=\"Donate\" align=\"right\" height=\"30\" /\u003e\n\u003c/a\u003e\n\n\n# BounCA PKI - Personal Key Management\n\nProtect your Data, Protect your Communication,\nProtect your Business, BounCA!\n\nBounCA as a Service: [https://app.bounca.org](https://app.bounca.org)\n\nMain repo is hosted at Gitlab:\n- Source: [https://gitlab.com/bounca/bounca](https://gitlab.com/bounca/bounca)\n- Packages: 
[https://gitlab.com/bounca/bounca/-/packages](https://gitlab.com/bounca/bounca/-/packages)\n- Issue tracker: [https://gitlab.com/bounca/bounca/-/issues](https://gitlab.com/bounca/bounca/-/issues)\n\nDon't forget to support us: [Donate here](https://www.paypal.com/donate/?hosted_button_id=5C4W8F7XYQDZ4)!\n\n## Introduction\n\nCreate a PKI, sign and revoke server and client X.509 v3 SSL certificates.\nSetting up a trusted encrypted communication network with your peers is a matter of minutes with BounCA.\nBounCA lets you  secure your web applications and OpenVPN connections without passwords,\nand secure access to your private cloud services with your own HTTPS scheme.\nSetting up a provisioning service for your Internet of Things devices was never so easy.\n\n[![BounCA](https://www.bounca.org/_images/ssl_dashboard_bounca.png)](https://www.bounca.org)\n\n### Your Own Certificate Authority\n\nUse cases:\n\n* Trusted encrypted communication with your peers (man-in-the-middle attack prevention)\n* Secure your internal REST micro-services and internal API's\n* Client-certificate based login for web services, web applications and OpenVPN connections\n* Secure S/MIME-based encrypted e-mail\n* Secure access to your private cloud services with your own HTTPS scheme\n* Secure your Internet of Things (IoT) network with your certificates and provision them via the BounCA API\n\nAdvantages:\n\n* No single point of failure: Decoupled and decentralized authentication management\n* You are in control of your complete trust chain: Spoofing nearly impossible as no third party is involved\n* Rocket fast authentication: SSL off-loading can be performed by your webservers\n\n### Features\n\n* Create and manage your own root certificates and certificate authorities\n* Create intermediate certificates for grouping of certificates\n* Create server side certificates for setting up trusted and encrypted connections\n* Create client side certificates for authentication and authorization\n* 
Support for advanced v3 certificates containing subject alt names\n* Revoke certificates within one mouse click and download Certificate Revoke Lists (CRL)\n* Download certificates, keys, and keystore packages for your webserver and installation\n* Protect your certificates via passphrases\n* Evaluate your certificates via the info button\n* Use the API to automate certificate provisioning\n\n\n# Installation\n\nBounCA is a Python Django based webapplication, with a Vuetify frontend, and\ncan be hosted on every platform capable of running python3 applications.\nThis tutorial describes how to deploy BounCA on a Debian 11 server.\nSome commands need the `root` permission level, prefix them with `sudo` if necessary.\n\n### Server prerequisites\n\nOn a fresh Debian 11 machine, first update your repositories:\n`sudo apt update`\n\ninstall the following packages via apt:\n\n  - gettext\n  - nginx\n  - python3\n  - python3-dev\n  - python3-setuptools\n  - python-setuptools\n  - python-is-python3\n  - uwsgi\n  - uwsgi-plugin-python3\n  - virtualenv\n  - python3-virtualenv\n  - python3-pip\n  - postgresql\n  - postgresql-contrib\n\n```\nsudo apt install \\\n    gettext \\\n    nginx \\\n    python3 \\\n    python3-dev \\\n    python3-setuptools \\\n    python-setuptools \\\n    python-is-python3 \\\n    uwsgi \\\n    uwsgi-plugin-python3 \\\n    virtualenv \\\n    python3-virtualenv \\\n    python3-pip \\\n    postgresql \\\n    postgresql-contrib\n```\n\n### Create database\n\nCreate user and database for Postgres\n```\nsudo su - postgres\ncreateuser bounca\ncreatedb --owner=bounca bounca --encoding=UTF8 --template=template0\npsql -c \"ALTER USER bounca WITH createdb\" postgres\n```\n\nOptionally, set a password for the `bounca` user.\n```\npsql -c \"ALTER USER bounca PASSWORD '\u003cyour password\u003e'\"\n```\n\nDon't forget to go back to your normal user, for example by using the command `exit`.\n\n### Create directories\n\nCreate directory for logging:\n```\nmkdir 
/var/log/bounca\nchown -R www-data:www-data /var/log/bounca\nmkdir -p /srv/www/\n```\n\n### Download BounCA\n\nGet the newest BounCA release from [the packages repo](https://gitlab.com/bounca/bounca/-/packages).\nUnpack it to a location where your web app will be stored, like `/srv/www/`.\nMake sure the directory is owned by the nginx user:\n```\n\ncd /srv/www/\ntar -xvzf bounca-\u003cversion\u003e.tar.gz\nchown www-data:www-data -R /srv/www/bounca\n```\n\n### Configuration\n\nTo run BounCA you need to configure nginx, uwsgi and BounCA.\nFirst copy the files:\n\n```\ncp /srv/www/bounca/etc/nginx/bounca /etc/nginx/sites-available/bounca\nln -s /etc/nginx/sites-available/bounca /etc/nginx/sites-enabled/bounca\n\ncp /srv/www/bounca/etc/uwsgi/bounca.ini /etc/uwsgi/apps-available/bounca.ini\nln -s /etc/uwsgi/apps-available/bounca.ini /etc/uwsgi/apps-enabled/bounca.ini\n\nmkdir /etc/bounca\ncp /srv/www/bounca/etc/bounca/services.yaml.example /etc/bounca/services.yaml\n```\n\nYou need to change the files `/etc/bounca/services.yaml` and `/etc/nginx/sites-available/bounca` for your situation.\n\n### Install virtualenv and python packages\n\nCreate the virtualenv and install python dependencies:\n\n```\ncd /srv/www/bounca\nvirtualenv env -p python3\nsource env/bin/activate\npip install -r requirements.txt\n```\n\n### Setup BounCA app and initialize database\n\nThe following commands will initialize the database, initialize the folder with\nstatic files. Also the fully qualified hostname must be configured, without protocol prefix.\nOptionally, create a super user for the admin interface.\n\n```\ncd /srv/www/bounca\nsource env/bin/activate\npython3 manage.py migrate\npython3 manage.py collectstatic\npython3 manage.py site \u003cfully qualified hostname\u003e\n\n```\n\nIn case the commands give you a db connection error, make sure you start the database:\n\n```\nservice postgresql start\n```\n\n### Check permissions\n\nCheck the permissions of ``/var/log/bounca``. 
The uwsgi user (`www-data` on Debian) should have\nwrite permissions.\nIf you see the error ``` no python application found, check your startup logs for errors ``` when\nstarting uwsgi, it is probably related to the permissions of the log file or its directory.\n\n\n### Starting the application\n\nFinally, restart uwsgi and nginx.\n```\nservice uwsgi restart\nservice nginx restart\n```\n\n\nThe admin interface can be found at:\n[http://\u003cexample.com\u003e/admin](http://example.com/admin).\n\nTo access the admin interface you need a super user account. You can create the super user via a web form or via the command line.\nThe web form is only available if `superuser_signup` is enabled in your config file. The signup form can be reached at\nthis URI: [http://\u003cexample.com\u003e/accounts/signup/](http://example.com/accounts/signup/).\n\n\n```\npython manage.py createsuperuser --username myAdminUser --email myAdminEmail@example.com\n```\n(Optionally, set the `DJANGO_SUPERUSER_PASSWORD` environment variable to supply the password for the `python manage.py createsuperuser` command, and run it as `python manage.py createsuperuser --noinput --username myAdminUser --email myAdminEmail@example.com`.)\n\nBounCA should be up and running. Browse to the hostname of your BounCA machine.\nEnjoy generating keys.\n\n## License\n\nApache License v2 - (c) 2016-2021, Repleo, Amsterdam\n\n## Author Information\n\nJeroen Arnoldus (jeroen@repleo.nl)\n\nRepleo, Amsterdam, Holland -- [www.repleo.nl](www.repleo.nl)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrasherdk%2Fboundca","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrasherdk%2Fboundca","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrasherdk%2Fboundca/lists"}