To build, you'll need a bazillion Rust crates, because who can serve HTTPS
and talk to a smartcard reader without 105 dependencies. Generate a self-signed
-certificate (make sure the common name says 127.0.0.1 when asked):
+certificate:
- openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes
+ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 -nodes -subj "/C=NO/CN=localhost CA for multipass"
openssl rsa -in key.pem > cert.rsa
-Install the certificate in your browser; I didn't have any luck with Chrome
-(it's possible you'll need to go through a self-signed CA), but it worked fine
-in Firefox.
+If you want it to work in Chrome, you'll actually need to go via a CA, so slightly
+more involved:
+
+ openssl req -x509 -newkey rsa:4096 -keyout CA-key.pem -out CA-cert.pem -days 3650 -nodes -subj "/C=NO/CN=localhost CA for multipass"
+ openssl req -newkey rsa:4096 -keyout key.pem -out server-cert.csr -days 3650 -nodes -subj "/C=NO/CN=127.0.0.1" -addext "subjectAltName = IP.1:127.0.0.1"
+ cat <<EOF >extensions.conf
+[v3_ca]
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+subjectAltName = IP.1:127.0.0.1
+EOF
+ openssl x509 -req -days 3650 -in server-cert.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out cert.pem -extensions v3_ca -extfile extensions.conf
+ openssl rsa -in key.pem > cert.rsa
+
+Install the certificate (or CA certificate) in your browser. You'll also need
+to spoof the User-Agent to say Windows, or Buypass will complain about the
+lack of Java.
Build and run:
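
Review bot: the Chrome path leaves an unencrypted CA private key on disk. `CA-key.pem` is created with `-nodes`, and the text then tells the reader to install the CA certificate in the browser, so anyone who can read that file can issue certificates that browser will accept, and nothing in the commands limits them to 127.0.0.1. Suggest adding a step after the `openssl x509 -req` line that deletes `CA-key.pem` once `cert.pem` is signed, or at least a sentence saying the key must stay private. Separately, the simpler self-signed command now carries `-subj "/C=NO/CN=localhost CA for multipass"`, the same name as the CA, and the hint to name 127.0.0.1 is gone; using `-subj "/C=NO/CN=127.0.0.1"` with the same `-addext "subjectAltName = IP.1:127.0.0.1"` as the CSR line would keep that certificate tied to the address. The `-days 3650` on the CSR line has no effect without `-x509` and can be dropped.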