
Comments (3)

alecmuffett commented on July 22, 2024

Hi there!

I would recommend researching how Certificates work, but you are shooting in the right direction.

The "dots" are fixed points, so you would need the certificate to cover three domains:

  • fooequivalent.onion
  • *.fooequivalent.onion OR bar.fooequivalent.onion; from what you say the latter sounds preferred.
  • *.bar.fooequivalent.onion

...but (I apologise) I do not know if the HARICA process provides for Wildcard addresses on Onion subdomains, yet. I would be interested to learn how that goes.

You are correct to use hardmap secrets.d/foo.key foo.com bar - because the default "foo.com" rule for EOTK already matches *.foo.com and thus matches bar.foo.com; HOWEVER the only area where one has to become specific about this, is re: purchasing Certificates. :-)

It should (?) be possible to get HARICA to put all three into one cert, but I do not know and have never tried. I recommend contacting them, and please let me know how you get on.

Digicert would certainly be able to offer an EV cert for these three, but that would be expensive.

Hope this helps.

from eotk.
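The "dots are fixed points" rule from the comment above, as an added example that is not part of the thread or of EOTK: a certificate wildcard stands for exactly one leftmost label, so this sketch reports which hostnames a given SAN list leaves uncovered. The `www.bar` hostname and both SAN lists are constructed for illustration.

```python
"""Check which hostnames a certificate SAN list covers (wildcard = one label)."""


def san_matches(san: str, host: str) -> bool:
    """Return True if a single SAN entry covers host.

    A wildcard is honoured only as the entire leftmost label and stands for
    exactly one label, so the number of dots must be the same on both sides.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return san_labels[1:] == host_labels[1:]
    if "*" in san:
        return False  # partial or non-leftmost wildcards are not honoured
    return san_labels == host_labels


def uncovered(sans, hosts):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


# Constructed sample: the apex, the "bar" subdomain, and one name below "bar".
HOSTS = [
    "fooequivalent.onion",
    "bar.fooequivalent.onion",
    "www.bar.fooequivalent.onion",
]

# A single wildcard does not reach below bar.fooequivalent.onion.
ONE_WILDCARD = ["fooequivalent.onion", "*.fooequivalent.onion"]

# The three names listed in the comment above.
THREE_NAMES = [
    "fooequivalent.onion",
    "bar.fooequivalent.onion",
    "*.bar.fooequivalent.onion",
]

if __name__ == "__main__":
    for label, sans in (("one wildcard", ONE_WILDCARD), ("three names", THREE_NAMES)):
        print(f"{label}: uncovered = {uncovered(sans, HOSTS)}")
```
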

wknapik commented on July 22, 2024

Hi @alecmuffett,

Thanks a lot for getting back to me. My question was primarily about whether eotk can work with multiple certificates in one project.

I see two reasons to get multiple instead of one. One would be if Harica doesn't support all those domains on one cert for onion addresses (that doesn't seem too likely, but I haven't checked yet), the other is the case where over time you realize you need to support more domains that aren't already covered by a wildcard.

It seems probable that the latter will happen in my case, so I'm wondering if I'll be able to deal with that without replacing the cert I got in the first place. Would I be able to add more certs to the eotk project to cover the new subdomains?

I know with bare nginx that's no issue, but I'd rather not deal with the problem on that level. So is there an eotk-level answer to this?

Thanks!
WK


maxpearl commented on July 22, 2024

Harica does allow for certs that include:

  • foonumber1.onion
  • *.foonumber1.onion
  • *.bar.foonumber1.onion
  • *.baz.foonumber1.onion

You can't, however, get:

  • *.foonumber1.onion
  • *.bar.foonumber1.onion
  • *.foonumber2.onion

Anyway, an EOTK level solution to a situation where there are multiple onion certificates for multiple domains as well as subdomains in one project would be welcome!
