
Note for users upgrading to server 3.x who would like to keep their existing keys:

(umask 077; mkdir .certificates/) && openssl rsa -inform PEM -in key.rsa -outform DER -out .certificates/key.der && openssl x509 -in cert.pem -out .certificates/cert.der -outform DER && chmod 0600 .certificates/*.der && rm key.rsa cert.pem

This one-liner would:

  • create a new .certificates dir that's only accessible to your user
  • convert your PEM RSA key and cert to DER format and store them in your newly created .certificates dir
  • change the permissions of the newly converted DER files to only read/writeable by your user
  • delete the old PEM files.

Now you should be able to run your agate server with --certs /path/to/.certificates to specify the new location of your certificates.

It's probably a good idea to have agate regenerate your certs in format instead, but this would at least allow you to upgrade already, and give you some time to inform your users of a pending cert change, and announce the new fingerprints ahead of time via your gemlog and out-of-band via your website and/or social media accounts.

ping @KelsonV
Probably not really useful anymore to you as you've already migrated to new keys, but might be a handy addition to your gemlog article?
gemini://hyperborea.org/log/2021-04-04-capsule-update.gmi
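
A check that could run between the conversion and the `rm` in the one-liner above, as an added example that is not part of the original toot: it confirms the DER files carry the same certificate fingerprint and the same key as the PEM originals. The function names and the throwaway `example.org` sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that the converted DER
# files match the PEM originals before the originals are deleted.

# SHA-256 fingerprint of a certificate. $1 = PEM|DER, $2 = file
cert_fingerprint() {
    openssl x509 -inform "$1" -in "$2" -noout -fingerprint -sha256
}

# Public key (PEM text) of a private key file. $1 = PEM|DER, $2 = file
key_pubkey() {
    openssl pkey -inform "$1" -in "$2" -pubout 2>/dev/null
}

# verify_der_migration KEY_PEM CERT_PEM KEY_DER CERT_DER
# Returns 0 only if the fingerprint is unchanged, the DER key is the same key
# as the PEM key, and that key is the one the certificate was issued for.
verify_der_migration() {
    old_fp=$(cert_fingerprint PEM "$2") || return 1
    new_fp=$(cert_fingerprint DER "$4") || return 1
    if [ "$old_fp" != "$new_fp" ]; then
        echo "certificate fingerprint changed" >&2; return 1
    fi
    old_pub=$(key_pubkey PEM "$1") || return 1
    new_pub=$(key_pubkey DER "$3") || return 1
    cert_pub=$(openssl x509 -inform DER -in "$4" -noout -pubkey) || return 1
    if [ -z "$new_pub" ] || [ "$old_pub" != "$new_pub" ]; then
        echo "DER key differs from PEM key" >&2; return 1
    fi
    if [ "$new_pub" != "$cert_pub" ]; then
        echo "key does not belong to certificate" >&2; return 1
    fi
    echo "$new_fp"   # unchanged fingerprint, as clients already know it
}

# Constructed sample input: a throwaway self-signed cert in directory $1,
# converted with the same openssl commands as the one-liner above.
make_sample() {
    ( cd "$1" && umask 077 && mkdir .certificates &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout key.rsa \
          -out cert.pem -subj "/CN=example.org" -days 30 2>/dev/null &&
      openssl rsa -inform PEM -in key.rsa -outform DER \
          -out .certificates/key.der 2>/dev/null &&
      openssl x509 -in cert.pem -out .certificates/cert.der -outform DER )
}
```

Run as `verify_der_migration key.rsa cert.pem .certificates/key.der .certificates/cert.der` and delete the PEM files only when it returns 0.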
