X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=README;h=3541e8f8662a30cb4bf6995e9f7cb1f9204de46a;hb=e34ebce6d26b46e98d3660194608180a48cf3631;hp=0bd73f463e7a56b59c245b601dc76c1617848156;hpb=d247b11a05b2671e087c011b84499b3493f731a0;p=linux-dallas-multipass diff --git a/README b/README index 0bd73f4..3541e8f 100644 --- a/README +++ b/README @@ -7,14 +7,28 @@ I don't know Rust. To build, you'll need a bazillion Rust crates, because who can serve HTTPS and talk to a smartcard reader without 105 dependencies. Generate a self-signed -certificate (make sure the common name says 127.0.0.1 when asked): +certificate: - openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes + openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes -subj "/C=NO/CN=localhost CA for multipass" openssl rsa -in key.pem > cert.rsa -Install the certificate in your browser; I didn't have any luck with Chrome -(it's possible you'll need to go through a self-signed CA), but it worked fine -in Firefox. +If you want it to work in Chrome, you'll actually need to go via a CA, so slightly +more involved: + + openssl req -x509 -newkey rsa:4096 -keyout CA-key.pem -out CA-cert.pem -days 3650 -nodes -subj "/C=NO/CN=localhost CA for multipass" + openssl req -newkey rsa:4096 -keyout key.pem -out server-cert.csr -days 3650 -nodes -subj "/C=NO/CN=127.0.0.1" -addext "subjectAltName = IP.1:127.0.0.1" + cat <extensions.conf +[v3_ca] +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +subjectAltName = IP.1:127.0.0.1 +EOF + openssl x509 -req -days 3650 -in server-cert.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out cert.pem -extensions v3_ca -extfile extensions.conf + openssl rsa -in key.pem > cert.rsa + +Install the certificate (or CA certificate) in your browser. You'll also need +to spoof the User-Agent to say Windows, or Buypass will complain about the +lack of Java. Build and run: