[ANN] New Server and Drudge Report Mirror

colecmac at protonmail.com
Thu Jul 9 23:08:54 BST 2020


> I took the down to experiment with generating keys. It's back up now,
> but do be aware that the certs could be improperly generated.

"certificate is valid for *.ellertson.org, not ellertson.org"

Yeah, seems like it. Maybe my post might be of use? 😁

gemini://makeworld.gq/gemlog/2020-07-06-openssl.gmi

Seems like a quick fix though, just change the CN to ellertson.org instead.
If you actually want to create a wildcard cert, you can use this command
from the post:

openssl req -new -subj "/CN=*.example.com" -addext "subjectAltName = DNS:example.com, DNS:*.example.com" -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -days 1825 -nodes -out cert.pem -keyout key.pem

The part you missed was adding the regular domain to subjectAltName.

Cheers,
makeworld

