💾 Archived View for bbs.geminispace.org › u › skyjake › 18372 captured on 2024-08-19 at 01:04:36. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Re: "Just found out this was a thing. I am very curious about..."
> can self-signed [client] certificates be trusted?
Essentially, these provide proof (to a server) that the client is in possession of the (supposedly) secret and unique private key of the certificate. No other information contained in the client certificate can be trusted, by default.
You could certainly act as your own CA and do the whole certificate signing process on your client certificates, to prove that a particular client certificate was created by your CA, i.e., based on a particular CA root certificate. However, any server wishing to verify this signature would have to be provided your CA root certificate beforehand. I don't know of any Gemini server that supports such a thing out of the box.
Jul 07 · 6 weeks ago
Just found out this was a thing. I am very curious about the whole "client identity" system... can self-signed certificates be trusted? Wonder if there's a way to sign a certificate on, say, my VPS, and use that certificate to verify my identity. I really want to nerd out about this lol
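The two options from the reply above, side by side, as an added example that is not part of the original thread: a self-signed client certificate that a server can only recognise by its fingerprint, and a client certificate signed by your own CA that verifies only where the CA root is already installed. It assumes the OpenSSL command-line tool is available; every file name and subject name is made up for the demo.

```shell
#!/bin/sh
# Added example. File names and subject names are made up for the demo.
set -e
demo_dir=$(mktemp -d)

# Self-signed client certificate: the key signs its own certificate.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=example-user" \
        -keyout "$demo_dir/self.key" -out "$demo_dir/self.crt" 2>/dev/null
}

# Private CA root, plus a client certificate signed by that root.
make_ca_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Personal CA" \
        -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-user" \
        -keyout "$demo_dir/client.key" -out "$demo_dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$demo_dir/client.csr" -days 30 \
        -CA "$demo_dir/ca.crt" -CAkey "$demo_dir/ca.key" -CAcreateserial \
        -out "$demo_dir/client.crt" 2>/dev/null
}

# SHA-256 fingerprint: the value a server can store to recognise a
# returning certificate, whoever signed it.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Exit status 0 only if certificate $2 chains to the trusted root $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_self_signed
make_ca_signed
echo "self-signed fingerprint: $(fingerprint "$demo_dir/self.crt")"
if chains_to "$demo_dir/ca.crt" "$demo_dir/client.crt"; then
    echo "client.crt: verifies, but only for a server that holds ca.crt"
fi
if ! chains_to "$demo_dir/ca.crt" "$demo_dir/self.crt"; then
    echo "self.crt: no CA vouches for it; only its fingerprint identifies it"
fi
```

In both cases the subject name (`CN=example-user`) is whatever the certificate's creator typed, so a server that has not been given the CA root has nothing but the fingerprint and the proof of key possession to go on.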