💾 Archived View for rawtext.club › ~sloum › geminilist › 005225.gmi captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
Lindsay newsspeak11 at gmail.com
Sun Feb 14 00:31:18 GMT 2021
- - - - - - - - - - - - - - - - - - -
Greetings all,
I am trying to set up a server using Molly Brown and am having troubleimplementing its "Certificate Zone" feature. If this isn't the correctforum for this question, please let me know.
So far, I've set a directory require a certificate and successfully testedit - I am free to access all areas on the site and receive a certificatechallenge to the one directory as configured.
The problem I'm having is understanding how to add a specific clientfingerprint to the "allowed" list in the config file. The Molly Browndocumentation specify an allowed value takes the format of "hex-encodedSHA256 fingerprints of client certificates". I have what I think is a validfingerprint that I then converted into hex added to this section (which issignificantly longer than any of the examples provided), but thecorresponding certificate is rejected when provided.
I am certain this is user error. I have very little knowledge on how tomanage certificates and rely on google searches when generated the correctones for this server. Assuming the values provided in the example configfile are based on real, working values, my value is nearly 4 times as long.
Here's what I did:1. Generate a new key with following command:
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out
cert.crt -keyout key.key
2. Changed extension on output keys to .pem as required by Kristall Browser3. Imported ley and cer into Kristall4. Converted the fingerprint of the cert into hexadecimal with thefollowing command:
echo -n "[Fingerprint went here]" | od -A n -t x1
5. Copied hexadecimal value into Molly Brown configuration file so the section looks like this:
[CertificateZones]
"^/foo/" = [
# "d146953386694266175d10be3617427dfbeb751d1805d36b3c7aedd9de02d9af",
"aa1ee9e5a1572a4677e9f59e181b5c6a27527c7602bd441e7bf909f681db2eb36c32246c5193a270fcfbc509fef9349b03d6a299907580c90566c881752a01adcd9055fae1e53a308c56020462849b42ab777d67c9c5e3fd0427ec6d42a997",
]
6. Relaunch Molly Brown
Apologies if this is an elementary problem or the incorrect forum forsuch a question and appreciate any help that is provided.
Tanks!-------------- next part --------------An HTML attachment was scrubbed...URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210213/e5b52f27/attachment.htm>