Minimal Viable Certificate Authority

This documentation assumes LibreSSL on OpenBSD 7.3; anything with OpenSSL should be similar, though how to best create certificates does vary over time. This is a simple test CA that lives in a directory. Season with security to taste.

=> minimum-ca.sh

Perhaps too minimal, since it lacks revocation lists and whatnot, but a certificate (minca-test.cert) signed by the certificate authority (minca.cert) can be verified against it.

    $ sh minimum-ca.sh
    Generating RSA private key, 4096 bit long modulus
    ...
    $ tclsh8.6 pingpong.tcl minca.cert minca-test.cert minca-test.key
    SERVER listen 7169
    CLIENT localhost 7169 pinging
    SERVER client 127.0.0.1 3168
    SERVER ponging
    CLIENT server said: PONG 1681516486260
    CLIENT localhost 7169 pinging
    SERVER client 127.0.0.1 10954
    SERVER ponging
    CLIENT server said: PONG 1681516486787
    CLIENT localhost 7169 pinging
    SERVER client 127.0.0.1 17953
    SERVER ponging
    CLIENT server said: PONG 1681516487311
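
The following is an added example, not the linked minimum-ca.sh and not the author's code: one way to build such a directory CA and check the result with `openssl verify` instead of pingpong.tcl. The names minca.key, minca.cnf, minca-test.csr, minca_build and minca_verify, the subject names, the 30-day lifetime and the localhost SAN are assumptions; only minca.cert, minca-test.cert and minca-test.key come from the page.

```shell
#!/bin/sh
# Added example: a throwaway CA in one directory (not the page's minimum-ca.sh).

# minca_build DIR [BITS]: create minca.key/minca.cert and a signed minca-test pair
minca_build() (
    dir=$1 bits=${2:-4096}
    umask 077                       # private keys readable by the owner only
    mkdir -p "$dir" && cd "$dir" || exit 1
    # Own config so the result does not depend on the system openssl.cnf
    cat > minca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
subjectAltName = DNS:localhost,IP:127.0.0.1
EOF
    # Self-signed CA certificate
    openssl genrsa -out minca.key "$bits" 2>/dev/null &&
    openssl req -new -x509 -config minca.cnf -key minca.key -sha256 \
        -days 30 -subj "/CN=minca test CA" -out minca.cert &&
    # Leaf key, signing request, and certificate signed by the CA
    openssl genrsa -out minca-test.key "$bits" 2>/dev/null &&
    openssl req -new -config minca.cnf -key minca-test.key \
        -subj "/CN=localhost" -out minca-test.csr &&
    openssl x509 -req -in minca-test.csr -sha256 -days 30 \
        -CA minca.cert -CAkey minca.key -CAcreateserial \
        -extfile minca.cnf -extensions v3_leaf -out minca-test.cert
)

# minca_verify CAFILE CERT: succeed only if CERT chains to CAFILE.
# Matches the "OK" line so the result does not rest on the exit status alone.
minca_verify() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Only build when a directory is given on the command line
if [ $# -gt 0 ]; then
    minca_build "$1" "${2:-4096}" &&
        minca_verify "$1/minca.cert" "$1/minca-test.cert" &&
        echo "minca-test.cert verifies against minca.cert"
fi
```

Pass a directory as the first argument to build the CA there. A certificate from a second CA built the same way fails minca_verify even though the issuer name is identical, because the signature does not match the other CA's key.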

=> local-ca.gmi | index.gmi
