Comment on issues setting up nginx as an https proxy
brokenlcd@feddit.it 6 days agoi’m not sure if it’s equivalent. but in the meantime i have cobbled up a series of commands from various forums to do the whole process, and i came up with the following openssl commands.
openssl genrsa -out servorootCA.key 4096 openssl req -x509 -new -nodes -key servorootCA.key -sha256 -days 3650 -out servorootCA.pem openssl genrsa -out star.servo.internal.key 4096 openssl req -new -key star.servo.internal.key -out star.servo.internal.csr openssl x509 -req -in star.servo.internal.csr -CA servorootCA.pem -CAkey servorootCA.key -CAcreateserial -out star.servo.internal.crt -days 3650 -sha256 -extfile openssl.cnf -extensions v3_req
with only the crt and key files on the server, while the rest is on a usb stick for keeping them out of the way.
hopefully it’s the same. though i’ll still go through the book out of curiosity… and come to think of it. i do also need to setup calibre :-).
thanks for everything. i’ll have to update the post with the full solution after i’m done, since it turned out to be a lot more messy than anticipated…
N0x0n@lemmy.ml 6 days ago
This is indeed similar ! And looks like a working certificate :) (You even use as .csr file).
The book adds something (Not very useful but kinda neat to have): a certificate revocation setup and an IntermediateCA signed by your rootCA. So you can keep your rootCA out of your system :)