OpenSSL woes

=> RE: Parker, "I really hate OpenSSL"

As of this writing,

=> gemini://pon.ix.tc/~krixano/

works in bollux, so I'm not sure what was going on earlier.

However, I've had some issues with sites not connecting in the past, and it turns out the problem was that

```
openssl req -x509 -newkey
```

defaults to using a v1 certificate, which does not support SNI. Self-signing server authors need to make sure that they use v3 certificates (which I'm not sure how to requisition with openssl; I've yet to set a cert up myself. Though I found an answer on serverfault that might help.)

=> "openssl keeps creating v1 certificate instead of v3" on serverfault
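
One way to request a v3 certificate from openssl and confirm the result, as an added example (not from the original post or the linked answer). The function names, file names and hostname are placeholders; it assumes OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
# Added example: issue a self-signed X.509 v3 certificate and check its version.
# Hostname and file names are placeholders, not values from the post.

# make_v3_cert DIR HOST: write DIR/key.pem and DIR/cert.pem for HOST.
make_v3_cert() {
    dir=$1
    host=$2
    # -addext (OpenSSL 1.1.1+) adds an extension on the command line; a
    # certificate that carries extensions is issued as version 3.
    # -nodes leaves the key unencrypted so the server can load it unattended,
    # so the key file is restricted to its owner afterwards.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" &&
    chmod 600 "$dir/key.pem"
}

# cert_version FILE: print the X.509 version number (1 or 3) of a PEM cert.
cert_version() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Version: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# cert_has_san FILE HOST: succeed if HOST is listed in subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}
```

After sourcing the functions, `make_v3_cert . example.org` followed by `cert_version cert.pem` should print 3; running `cert_version` on an existing server certificate shows whether it was issued as v1.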

It'd be nice if someone could write a "best practices for server people" document. Or add it to the

=> existing best practices document.

Original URL: gemini://gemini.circumlunar.space/users/acdw/2020-06-25-re-parker-openssl.gmi