💾 Archived View for gemini.bunburya.eu › newsgroups › gemini › messages › su2a0s$q53$1@gioia.aioe.or… captured on 2023-12-28 at 16:02:25. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-04-28)
-=-=-=-=-=-=-
From: Martin <martin@datapulp.de>
Subject: Re: Molly Brown and Yggdrasil
Date: Thu, 10 Feb 2022 07:06:16 +0100
Message-ID: <su2a0s$q53$1@gioia.aioe.org>
Am 09.02.22 um 22:16 schrieb meff:
This means that the cert should use a SAN and not a CN, but may be
indicative of a different error underneath.
Yes, with my own capsule I also tried SAN, this is the openssl.cnf:
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = XX
stateOrProvinceName = N/A
localityName = N/A
organizationName = Self-signed certificate
commonName = localhost
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = 127.0.0.1
DNS.1 = localhost
Although the ip address appears in the certificate as whished, I still
am just able to connect to the capsule via the name "localhost"
THe openssl command for the above config:
openssl req -x509 -nodes -days 36500 -newkey rsa:4096 -keyout
yggdrasil.key -out yggdrasil.crt -config openssl.cnf
Interesting, did you try this method to create the cert and it didn't
work?
I tried the above and according to different explainations it should
also work with the raw ip adress calling.
Well, in the end I thought: maybe gmid does not support raw ip
addresses. I do think so.
Did anybody other manage to get a raw ip address access to a capsule?
Martin
Parent:
Re: Molly Brown and Yggdrasil (by meff <email@example.com> on Wed, 9 Feb 2022 21:16:14 -0000 (UTC))
Start of thread:
Molly Brown and Yggdrasil (by rtr <rtr@haraya.invalid> on Mon, 07 Feb 2022 21:17:35 +0800)