#ngninx

2026-01-12

quicktipp #109: Need webserver SSL/TLS certs for your Intranet or lab web applications and LetsEncrypt is not an easy option? Let's create a PKI in 3 minutes!

Using github.com/christian-korneck/t .

# we are on Ubuntu, let's install some prereqs
$ apt install bash coreutils golang-cfssl gettext-base jq openssl sudo git

# clone the tinypki repo to get the base folder structure
$ git clone https://github.com/christian-korneck/tinypki.git
$ cd tinypki

# edit pki.conf and set a name for your new PKI
$ vim pki.conf

# now let's bootstrap the PKI
$ ./bootstrap.sh

# now we have a RootCA cert, that we can install and make trusted
# on our client machines.
$ ls root-ca/contoso-root-ca.pem
root-ca/contoso-root-ca.pem

# Let's install it and make it trusted on this machine
$ utils/clientinstall/install_rootca_debian-ubuntu.sh root-ca/contoso-root-ca.pem
...
1 added, 0 removed; done.
...

# Now let's create a server certificate for one of our
# lab machines
# (pass one or multiple names that the cert should be valid for)
$ cd server
$ ./mkcert.sh bob.contoso.com bob.lab.contoso.com

$ cd ..

# now we have cert, key and pfx file that we can use to set up
# a webserver.
# (For server setup check: https://ssl-config.mozilla.org/ )
$ ls server/bob.contoso.com
bob.contoso.com.pem # cert + im ca cert (usually use this)
bob.contoso.com-key.pem # the key
bob.contoso.com-cert-only.pem # only the server cert
bob.contoso.com.pfx # windows format: cert + im ca cert + key

# we can also create wildcard certs (*.contoso.com) and
# revoke certs - check the docs in the README.md.
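
A pre-deployment check for the files produced above, as an added example that is not part of the original post or of tinypki: it verifies that the server cert chains to the root CA, that the key belongs to the cert, and that every hostname is in the SAN list. It assumes OpenSSL 1.1.1 or newer and that the bundle holds the server cert plus the intermediate CA cert as the post describes; `check_cert` is a hypothetical helper name.

```shell
# Added example, not tinypki code. Assumes OpenSSL 1.1.1+ (for `x509 -ext`).
#
# check_cert ROOT_CA CHAIN LEAF KEY NAME...
#   ROOT_CA  root CA cert            (root-ca/contoso-root-ca.pem)
#   CHAIN    cert + intermediate CA  (server/bob.contoso.com/bob.contoso.com.pem)
#   LEAF     server cert only        (.../bob.contoso.com-cert-only.pem)
#   KEY      private key             (.../bob.contoso.com-key.pem)
#   NAME...  hostnames clients will use; SAN entries are matched literally,
#            so pass a wildcard entry as '*.contoso.com'
# Returns 0 only if all three checks pass.
check_cert() (  # subshell body: variables stay local, "exit" only leaves the function
  root=$1 chain=$2 leaf=$3 key=$4
  shift 4
  rc=0

  # 1. Chain of trust: leaf -> intermediate (taken from the bundle) -> root.
  if ! openssl verify -CAfile "$root" -untrusted "$chain" "$leaf" >/dev/null 2>&1; then
    echo "FAIL: $leaf does not chain to $root" >&2
    exit 1
  fi

  # 2. The private key must carry the same public key as the cert.
  cert_pub=$(openssl x509 -in "$leaf" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key does not match $leaf" >&2
    rc=1
  fi

  # 3. Every requested hostname must appear as a DNS entry in subjectAltName.
  sans=$(openssl x509 -in "$leaf" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n 's/^ *DNS://p')
  for name in "$@"; do
    if ! printf '%s\n' "$sans" | grep -qxF -- "$name"; then
      echo "FAIL: $name is not in subjectAltName of $leaf" >&2
      rc=1
    fi
  done
  exit "$rc"
)
```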

Chagratt [compte de secours] chagratt@framapiaf.org
2021-02-01

Huh, that's odd, I'm seeing HTTP GET requests for domains that aren't mine at all in my logs #ngninx
And the return code is even 200. :shibathinking:

Does this happen to you too?
