I really like Tor hidden services since, amongst other things, they give a DNS-free URL, so I wanted to get an onion URL for Gemini.
However, Gemini clients such as Lagrange check that the server's TLS certificate matches the hostname in the URL.
Problem: the onion address doesn't match my domain, of course. I had to create a new certificate.
Good news: everything is explained in "man ssl", thank you OpenBSD:
# openssl genrsa -out /etc/ssl/private/gemini.key 4096
# openssl req -new -key /etc/ssl/private/gemini.key \
    -out /etc/ssl/private/gemini.csr
# openssl x509 -sha256 -req -days 365 \
    -in /etc/ssl/private/gemini.csr \
    -signkey /etc/ssl/private/gemini.key \
    -out /etc/ssl/gemini.crt -extfile /etc/ssl/gemini.ext
The important part here is "-extfile ...gemini.ext": a plain "openssl x509 -req -signkey" does not copy any extensions into the certificate, so without it the result carries no subjectAltName at all.
You must write in this file a subjectAltName listing every name the server answers to, which means your onion address as well as your domain. For me:
> cat /etc/ssl/gemini.ext
subjectAltName=DNS:si3t.ch,DNS:b2khgkvb2wn4avjshjp63kknsjwikgwff5dwwydldia6qwf4kdnueyad.onion
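The same recipe as a non-interactive script, added here as an example (it is not the post's own code): it builds the gemini.ext SAN line from a list of hostnames, issues the self-signed certificate with the three openssl commands above, and then checks with "openssl x509 -checkhost" that the result really is valid for the .onion name, which is the check a Gemini client performs. The file names and the onion address are the post's; OUTDIR (defaulting to ./gemini-cert rather than /etc/ssl), KEYBITS and the -subj value are assumptions so that the script runs unprivileged anywhere.

```shell
#!/bin/sh
# Added example, not from the original post. Builds gemini.ext from a
# list of hostnames, issues the self-signed cert and verifies the SAN.
# Assumptions: OUTDIR (./gemini-cert, not /etc/ssl), KEYBITS, and
# "-subj /CN=<first host>" so "openssl req" does not prompt.
set -eu

OUTDIR="${OUTDIR:-./gemini-cert}"
KEYBITS="${KEYBITS:-4096}"

# san_line HOST... -> "subjectAltName=DNS:host1,DNS:host2,..."
# Every name the server answers to goes in here, the onion included;
# a name missing from the SAN is reported as a mismatch by the client.
san_line() {
    _san=""
    for _h in "$@"; do
        _san="${_san:+$_san,}DNS:$_h"
    done
    printf 'subjectAltName=%s\n' "$_san"
}

# make_cert HOST... : key, CSR and self-signed certificate carrying the SAN.
# -extfile is what puts the SAN into the certificate; "x509 -req -signkey"
# on its own would produce a certificate with no extensions at all.
make_cert() {
    mkdir -p "$OUTDIR"
    chmod 700 "$OUTDIR"
    san_line "$@" > "$OUTDIR/gemini.ext"
    openssl genrsa -out "$OUTDIR/gemini.key" "$KEYBITS" 2>/dev/null
    openssl req -new -key "$OUTDIR/gemini.key" -subj "/CN=$1" \
        -out "$OUTDIR/gemini.csr"
    openssl x509 -sha256 -req -days 365 \
        -in "$OUTDIR/gemini.csr" \
        -signkey "$OUTDIR/gemini.key" \
        -out "$OUTDIR/gemini.crt" -extfile "$OUTDIR/gemini.ext" 2>/dev/null
}

# cert_matches CERT HOST : exit 0 only if CERT is valid for HOST, using the
# same subjectAltName matching a TLS client does ("does match" vs
# "does NOT match" in the -checkhost output).
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q ' does match '
}

# Usage:
#   sh gemini-cert.sh si3t.ch b2khgkvb2wn4avjshjp63kknsjwikgwff5dwwydldia6qwf4kdnueyad.onion
if [ "$#" -ge 1 ]; then
    make_cert "$@"
    for _h in "$@"; do
        if cert_matches "$OUTDIR/gemini.crt" "$_h"; then
            echo "ok: certificate matches $_h"
        else
            echo "MISMATCH: certificate is not valid for $_h" >&2
            exit 1
        fi
    done
    # Show the SAN that ended up in the certificate.
    openssl x509 -in "$OUTDIR/gemini.crt" -noout -text \
        | grep -A1 'Subject Alternative Name'
fi
```

Two things worth keeping in mind when reusing this. Gemini clients pin the certificate on first use, so a certificate issued with "-days 365" will make every returning client warn when it is replaced a year later; many capsules pick a much longer lifetime for that reason. And a single certificate listing both DNS:si3t.ch and the onion name publicly ties the two together, which is fine when both names serve the same public site, but not if the onion address was meant to stay unlinked from the clearnet host.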
I only had to tell relayd to also listen on localhost, and I was ready to go :)
torsocks lagrange gemini://b2khgkvb2wn4avjshjp63kknsjwikgwff5dwwydldia6qwf4kdnueyad.onion