💾 Archived View for bbs.geminispace.org › s › GmCapsule › 2360 captured on 2023-11-14 at 08:51:13. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-11-04)

➡️ Next capture (2023-12-28)

🚧 View Differences

-=-=-=-=-=-=-

Certificate Generation

What is the recommended method of certificate generation with GmCapsule? I tried out agate first, and that automatically generates self-signed certificates for a specified domain. These can be converted from der to pem format and will work with GmCapsule. Of course just generating a self-signed certificate isn't too hard, but I'm curious what everyone else is doing.

Posted in: s/GmCapsule

☀️ mike

Jun 23 · 5 months ago

4 Comments ↓

🚀 skyjake · Jun 23 at 13:48:

I'm doing it with a little bash script that calls the `openssl` CLI and sets the various alternative names and wildcards. This lets me also reuse the private key if there is need to update the certificate.

🚀 skyjake · Jun 23 at 14:04:

I added an issue about this to the tracker:

— /s/GmCapsule-Issues/4

🍵 michaelnordmeyer · Jun 23 at 22:10:

There is the gemcert CLI tool by solderpunk, which can easily generate server and client certificates:

— https://tildegit.org/solderpunk/gemcert

☀️ mike · Jun 24 at 17:07:

Thank you both! That script works great and it will be very convenient to have GmCapsule generate its own certificates in the future.