Comment on issues setting up nginx as an https proxy

<- View Parent
N0x0n@lemmy.ml ⁨6⁩ ⁨days⁩ ago

(Thanks to darkan15 for explaining that).

I have to look at his answer to have a better understanding :P

The diagram would be useful. Considering that rn I’m losing my mind between man pages.

I’m working on it right now :) I’m a bit overwhelmed with my own LAN setup, and trying to get some feedback from other users :P

As for the book… I can’t accept. Just give me the name/ISBN and I’ll provide myself. Still. Thanks for the offer.

Good. If you have the money to spare please pay for it otherwise you know the drill :) (Myself I’m not able to pay the author so it’s kinda hypocrite on my end… But doing some publicity is also some kind of help I guess?)

Demystifying Cryptography with OpenSSL 3 . 0 by Alexei Khlebnikov <packt>

ISBN: 978-1-80056-034-5

It’s very well written, even as a non-native it was easy to follow :). However, let me give you something along the road, something that will save you hours of looking around the web :) !


Part 5, Chapter 12: Running a mini-CA is the part you’re interested in and that’s the part I used to create my server certificates.

HOWEVER: When he generates the private keys, he uses the ED448 algorithm, which is not going to work for SSL certificates because not a single browser accepts them right now (same thing goes for Curve25519). Long story short, If you don’t want to depend on NIST curves (NSA) fall back to RSA in your homelab ! If you are interested in that story go to p123:

Brainpool curves are proposed by the Brainpool workgroup, a group of cryptographers that were dissatisfied with NIST curves because **NIST curves were not verifiably randomly generated, so they may have intentionally or accidentally weak security. **

Here is a working example for your certificates:

Book:

$ mkdir private
$ chmod 0700 private
$ openssl genpkey \
    -algorithm ED448 \
    -out private/root_keypair.pem

But should be:

$ mkdir private
$ chmod 0700 private
$ openssl genpkey \
    -algorithm RSA \
    -out private/root_keypair.pem

You have to use RSA or whatever curve you prefer but accepted by your browser for EVERY key you generate !


Other than that, it’s a great reading book :) And good study material for cryptography introduction !

source
Sort:hotnewtop