diff --git a/resotolib/resotolib/x509.py b/resotolib/resotolib/x509.py
index bdcd18ff4d..227cdb4e0f 100644
--- a/resotolib/resotolib/x509.py
+++ b/resotolib/resotolib/x509.py
@@ -186,24 +186,31 @@ def write_cert_to_file(cert: Certificate, cert_path: str, rename: bool = True) -
 os.rename(tmp_cert_path, cert_path)
+def generate_ca_bundle_bytes(cert: Certificate, include_certifi: bool = True) -> bytes:
+ content = bytearray()
+ if include_certifi:
+ content.extend(certifi.contents().encode())
+ content.extend("\n".encode())
+ content.extend(f"# Issuer: {cert.issuer.rfc4514_string()}\n".encode())
+ content.extend(f"# Subject: {cert.subject.rfc4514_string()}\n".encode())
+ label: str = cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value # type: ignore
+ content.extend(f"# Label: {label}\n".encode())
+ content.extend(f"# Serial: {cert.serial_number}\n".encode())
+ md5 = cert_fingerprint(cert, "MD5")
+ sha1 = cert_fingerprint(cert, "SHA1")
+ sha256 = cert_fingerprint(cert, "SHA256")
+ content.extend(f"# MD5 Fingerprint: {md5}\n".encode())
+ content.extend(f"# SHA1 Fingerprint: {sha1}\n".encode())
+ content.extend(f"# SHA256 Fingerprint: {sha256}\n".encode())
+ content.extend(cert_to_bytes(cert))
+ return bytes(content)
+
+
 def write_ca_bundle(cert: Certificate, cert_path: str, include_certifi: bool = True, rename: bool = True) -> None:
 tmp_cert_path = f"{cert_path}.tmp" if rename else cert_path
+ content = generate_ca_bundle_bytes(cert, include_certifi)
 with open(tmp_cert_path, "wb") as f:
- if include_certifi:
- f.write(certifi.contents().encode())
- f.write("\n".encode())
- f.write(f"# Issuer: {cert.issuer.rfc4514_string()}\n".encode())
- f.write(f"# Subject: {cert.subject.rfc4514_string()}\n".encode())
- label: str = cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value # type: ignore
- f.write(f"# Label: {label}\n".encode())
- f.write(f"# Serial: {cert.serial_number}\n".encode())
- md5 = cert_fingerprint(cert, "MD5")
- sha1 = cert_fingerprint(cert, "SHA1")
- sha256 = cert_fingerprint(cert, "SHA256")
- f.write(f"# MD5 Fingerprint: {md5}\n".encode())
- f.write(f"# SHA1 Fingerprint: {sha1}\n".encode())
- f.write(f"# SHA256 Fingerprint: {sha256}\n".encode())
- f.write(cert_to_bytes(cert))
+ f.write(content)
 if rename:
 os.rename(tmp_cert_path, cert_path)
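Review bot: `generate_ca_bundle_bytes` becomes a reusable module-level function without a docstring, and it carries over the unguarded `[0]` on `cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)`, so a certificate whose issuer name has no CN makes the new function raise IndexError instead of producing a bundle or a clear error. I'd add a docstring saying the result is a PEM trust bundle — certifi's roots when `include_certifi` is true, then a certifi-style `#` comment header (issuer, subject, label, serial, fingerprints) and the PEM of `cert` — and that anything loading this bundle will therefore trust every certificate chaining to `cert`, which is the security-relevant contract a caller needs to see. For the label, `cns = cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)` followed by `label = cns[0].value if cns else cert.issuer.rfc4514_string()  # type: ignore` keeps a readable label without the index error. In `write_ca_bundle`, passing `include_certifi=include_certifi` by keyword would also make the call site self-describing.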