Comments (3)
Hi there!
I would recommend researching how Certificates work, but you are shooting in the right direction.
The "dots" are fixed points, so you would need the certificate to cover three domains:
fooequivalent.onion
*.fooequivalent.onion
bar.fooequivalent.onion OR *.bar.fooequivalent.onion; from what you say the latter sounds preferred.
...but (I apologise) I do not know if the HARICA process provides for Wildcard addresses on Onion subdomains, yet. I would be interested to learn how that goes.
You are correct to use hardmap secrets.d/foo.key foo.com bar - because the default "foo.com" rule for EOTK already matches *.foo.com and thus matches bar.foo.com; HOWEVER the only area where one has to become specific about this, is re: purchasing Certificates. :-)
It should (?) be possible to get HARICA to put all three into one cert, but I do not know and have never tried. I recommend contacting them, and please let me know how you get on.
Digicert would certainly be able to offer an EV cert for these three, but that would be expensive.
Hope this helps.
from eotk.
Hi @alecmuffett,
Thanks a lot for getting back to me. My question was primarily about whether eotk can work with multiple certificates in one project.
I see two reasons to get multiple instead of one. One would be if Harica doesn't support all those domains on one cert for onion addresses (that doesn't seem too likely, but I haven't checked yet), the other is the case where over time you realize you need to support more domains that aren't already covered by a wildcard.
It seems probable that the latter will happen in my case, so I'm wondering if I'll be able to deal with that without replacing the cert I got in the first place. Would I be able to add more certs to the eotk project to cover the new subdomains?
I know with bare nginx that's no issue, but I'd rather not deal with the problem on that level. So is there an eotk-level answer to this?
Thanks!
WK
from eotk.
Harica does allow for certs that include:
foonumber1.onion
*.foonumber1.onion
*.bar.foonumber1.onion
*.baz.foonumber1.onion.
You can't however get:
*.foonumber1.onion
*.bar.foonumber1.onion
*.foonumber2.onion
Anyway, an EOTK level solution to a situation where there are multiple onion certificates for multiple domains as well as subdomains in one project would be welcome!
from eotk.
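The wildcard rule discussed in the comments above ("the dots are fixed points") can be checked before ordering a certificate. The following is an added example, not part of the thread and not EOTK or HARICA code; the function names are hypothetical and the host list is constructed from the placeholder names used in the comments.

```python
# Added example: single-label wildcard matching for certificate SAN entries.
# Only a whole leading "*" label is treated as a wildcard; anything else
# (including partial wildcards such as "f*") is compared literally.

def san_covers(san: str, host: str) -> bool:
    """True if one SAN dNSName entry covers host.

    A leading "*." stands for exactly one label, so "*.foo.onion" covers
    "bar.foo.onion" but neither "foo.onion" nor "www.bar.foo.onion".
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False  # the number of dots must be identical
    if san_labels[0] == "*":
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(sans, hosts):
    """Return the hosts that no SAN entry covers, in input order."""
    return [h for h in hosts if not any(san_covers(s, h) for s in sans)]


# Constructed sample: a SAN set in the shape the thread says is allowed,
# and hostnames a project might need to serve over HTTPS.
SANS = ["foonumber1.onion", "*.foonumber1.onion", "*.bar.foonumber1.onion"]
HOSTS = [
    "foonumber1.onion",
    "bar.foonumber1.onion",
    "www.bar.foonumber1.onion",
    "www.baz.foonumber1.onion",  # would need *.baz.foonumber1.onion
    "a.b.bar.foonumber1.onion",  # two labels below bar: no entry matches
]

if __name__ == "__main__":
    for host in uncovered(SANS, HOSTS):
        print("not covered:", host)
```

Any hostname this reports needs its own SAN entry, either on a reissued certificate or on an additional one.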