SSL / TLS Certificates

Do you already run a web server?

If so, your server has probably already obtained and used a Let's Encrypt certificate.

(I like to use Caddy for this)

Wait!

gemini://geminiprotocol.net/docs/tls-tutorial.gmi

https://geminiprotocol.net/docs/tls-tutorial.gmi

For the Gemini protocol, Project Gemini recommends self-signed certificates.

In fact, more than 90% of gemini: sites use self-signed certificates.

- - - 🎈 - - -

Agate

https://github.com/mbrubeck/agate

Agate issues self-signed certificates.

You don't have to think about this.

If you already let Caddy handle this for your web server, Agate works the same way.

- - - 🎈 - - -

Issuing certificates with OpenSSL

Do you need to issue a TLS certificate?

If you have OpenSSL on your PC or server, it's easy!

Here is the case with "localhost". Change it to the hostname you use.

And the validity period is 365,000 days. That is about 1000 years!

I also know how to issue a certificate like this.

This certificate expires on December 31, 9999 at 23:59:59!

By the way, looking at the balloon.fusen.nya.je certificate,

you may notice something interesting.
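
As an added example, not taken from the original page: shell functions that issue a self-signed certificate for a hostname with OpenSSL and then inspect its expiry, hostname match and fingerprint. The function names, output file names and the EC P-256 key type are assumptions; `-addext` needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example; function names, file names and key type are assumptions.

# make_selfsigned HOST DAYS OUTDIR
# Writes OUTDIR/key.pem (unencrypted private key) and OUTDIR/cert.pem.
make_selfsigned() {
    host=$1 days=$2 outdir=$3
    mkdir -p "$outdir" || return 1
    (
        umask 077   # keep the private key unreadable for other users
        openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
            -sha256 -nodes -days "$days" \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout "$outdir/key.pem" -out "$outdir/cert.pem" 2>/dev/null
    )
}

# cert_expiry_year CERT: print the year in which the certificate expires.
cert_expiry_year() {
    # -enddate prints e.g. "notAfter=Jan  1 00:00:00 3025 GMT" (constructed)
    openssl x509 -in "$1" -noout -enddate | awk '{print $4}'
}

# cert_matches_host CERT HOST: succeed only if the certificate covers HOST.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# cert_summary CERT: subject, validity window and SHA-256 fingerprint.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -dates -fingerprint -sha256
}

# Demo in a throwaway directory: "localhost" and 365,000 days, as in the text.
demo_dir=$(mktemp -d)
if make_selfsigned localhost 365000 "$demo_dir"; then
    cert_summary "$demo_dir/cert.pem"
fi
rm -rf "$demo_dir"
```

Replace `localhost` with the hostname your server answers to; the SHA-256 fingerprint printed by `cert_summary` is the value to compare when checking that a client is seeing this certificate.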

- - - 🎈 - - -

🎈 balloon.fusen.nya.je

- - - 🎈 - - -

😺 Powered by nya.je
