💾 Archived View for bbs.geminispace.org › u › wsb › 12001 captured on 2024-08-25 at 10:02:08. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-08-18)
-=-=-=-=-=-=-
Re: "Does short-lived certificates (with the same key) break..."
Thanks skyjake for the reply (and for Lagrange, by which I post this)! Well, I guess it's over for sharing the TLS certificate.
2023-11-26 · 9 months ago
👤 AnoikisNomads · 2023-11-28 at 20:07:
I use amfora as gemini browser on my computer and yes, short-lived certificates break trust. this renders the whole certificate thing mostly useless. I've created a self-signed cert on my gemini capsule that'll expire in 100 years, that'll do.
🛞 wsb [OP] · 2023-11-28 at 21:41:
Thanks for the info!
Does short-lived certificates (with the same key) break TOFU in gemini? — I am thinking about creating a gemini page for myself, in addition to the existing web page. I want to use the same TLS certificate for both sites. The possible problem is that the certificate for the web PKI changes every few months (but the key does not change under my setup). Will this break TOFU for gemini clients? Thanks!