
Gemini as Tor Hidden service (onion)

I really like Tor hidden services since, among other things, they give a DNS-free URL, so I wanted an onion URL for Gemini.

However, Gemini requires correct TLS certificates.

The problem is that the onion string doesn't match my domain, of course, so I had to set up a new certificate.

Good news: everything is explained in "man ssl". Thank you, OpenBSD:

# openssl genrsa -out /etc/ssl/private/gemini.key 4096
# openssl req -new -key /etc/ssl/private/gemini.key \
	-out /etc/ssl/private/gemini.csr
# openssl x509 -sha256 -req -days 365 \
	-in /etc/ssl/private/gemini.csr \
	-signkey /etc/ssl/private/gemini.key \
	-out /etc/ssl/gemini.crt \
	-extfile /etc/ssl/gemini.ext

The important line here is "-extfile ...gemini.ext".

In this file you must write a correct subjectAltName matching your domains, which means including your onion address. For me:

> cat /etc/ssl/gemini.ext
subjectAltName=DNS:si3t.ch,DNS:b2khgkvb2wn4avjshjp63kknsjwikgwff5dwwydldia6qwf4kdnueyad.onion
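
To check that the signed certificate really carries the onion name, here is an added example (not part of the original post) that builds two throwaway certificates, one with -extfile and one without, and inspects their subjectAltName. The names example.test and exampleonionaddressplaceholder.onion are constructed, the helpers san_has_name and make_cert are hypothetical, and the 2048-bit key is only there to keep the run short.

```shell
#!/bin/sh
# Added example. Names are constructed; the key is a throwaway in a temp dir.
NAME=example.test
ONION=exampleonionaddressplaceholder.onion

# san_has_name CERT NAME: succeed only if NAME is an exact DNS entry
# in the certificate's subjectAltName extension.
san_has_name() {
	openssl x509 -in "$1" -noout -text |
		grep -A1 'X509v3 Subject Alternative Name' |
		tail -n 1 | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
		grep -qxF "DNS:$2"
}

# make_cert OUT [EXTFILE]: CSR + self-signature as in the commands above,
# passing -extfile only when an extension file is given.
make_cert() {
	out=$1 ext=$2
	openssl req -new -key "$tmp/k.key" -subj "/CN=$NAME" -out "$tmp/k.csr" &&
	openssl x509 -sha256 -req -days 365 -in "$tmp/k.csr" \
		-signkey "$tmp/k.key" -out "$out" ${ext:+-extfile "$ext"} 2>/dev/null
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
openssl genrsa -out "$tmp/k.key" 2048 2>/dev/null   # 2048 bits only for speed
printf 'subjectAltName=DNS:%s,DNS:%s\n' "$NAME" "$ONION" > "$tmp/k.ext"
make_cert "$tmp/with-san.crt" "$tmp/k.ext"
make_cert "$tmp/no-san.crt"

for crt in with-san no-san; do
	if san_has_name "$tmp/$crt.crt" "$ONION"; then
		echo "$crt.crt: onion name present in subjectAltName"
	else
		echo "$crt.crt: onion name MISSING from subjectAltName"
	fi
done
```

The same san_has_name check can be pointed at /etc/ssl/gemini.crt after signing, before reloading relayd.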

I only had to tell relayd to also listen on localhost and I was ready to go :)

torsocks lagrange gemini://b2khgkvb2wn4avjshjp63kknsjwikgwff5dwwydldia6qwf4kdnueyad.onion
