amfora - activate client cert
$ openssl req -new -subj "/CN=clarahd" -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -days 1825 -nodes -out cert.pem -keyout key.pem
nano ~/.config/amfora/config.toml
[auth] [auth.certs] "bbs.geminispace.org" = 'cert.pem' [auth.keys] "bbs.geminispace.org" = 'key.pem'
https://github.com/makew0rld/amfora/wiki/Client-Certificates
$ openssl pkcs12 -export -out cert.p12 -in cert.pem -inkey key.pem -passout pass: -nokeys
http://portal.mozz.us/gemini/yasendfile.org/TipTricks/pem2pkcs12.gmi
To use this identity with gemini.koplugin in KOReader on Kobo Clara HD
I copied cert.pem and key.pem to clarahd.crt and clarahd.key in the KOReader gemini/identities folder.
Now I can click signup and choose in the KOReader gemini client the same clarahd identity that I had set in Amfora.
This also works in the android KOReader if you use an up-to-date gemini.koplugin i.e. https://repo.or.cz/gemini.koplugin.git/snapshot/fc51448249f4a33f272ce5382451106bf0b3efb2.tar.gz
It also worked for the Lagrange android client from https://github.com/skyjake/skyjake.github.io/blob/master/fdroid/repo/lagrange_v1.18b36_phone.apk
May 15 ยท 5 months ago
2 Comments โ
๐ clarahd [OP/mod] ยท May 15 at 17:08:
Lol, it would have been easier to generate the first identity from the Lagrange app and export from there:
โ bbs.geminispace.org/s/Deedum/22490
๐ clarahd [OP/mod] ยท Jul 18 at 16:17:
NEW INFORMATION:
Actually DO NOT copy this certificate to all your browsers, unless you want it to act like a potential cookie identifying you everywhere!
Instead use a different browser with no client certificate for browsing, and use the browser with the certificate for posting.
โ bbs.geminispace.org/s/AskGemini/30325
Source