Note for users upgrading to #agate #Gemini server 3.x who would like to keep their existing keys:
(umask 077; mkdir .certificates/) && openssl rsa -inform PEM -in key.rsa -outform DER -out .certificates/key.der && openssl x509 -in cert.pem -out .certificates/cert.der -outform DER && chmod 0600 .certificates/*.der && rm key.rsa cert.pem
This #CLI oneliner would:
- create a new .certificates dir that's only accessible to your user
- convert your PEM RSA key and cert to DER format and store them in your newly created .certificates dir
- change the permissions of the newly converted DER files so they are only readable/writable by your user
- delete the old PEM files.
Now you should be able to run your agate server with --certs /path/to/.certificates to specify the new location of your certificates.
It's probably a good idea to have agate regenerate your certs in #ECDSA format instead, but this would at least allow you to upgrade already, and give you some time to inform your users of a pending cert change, and announce the new fingerprints ahead of time via your gemlog and out-of-band via your website and/or social media accounts.
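A check that could run between the conversion and the final rm, as an added example that is not part of the original post: it confirms the DER files hold the same certificate and key as the PEM originals, that key.der is private to your user, and prints the SHA-256 fingerprint. The function name verify_agate_der is hypothetical; the file names are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post). verify_agate_der is a
# hypothetical helper name; file names follow the one-liner above.
# Usage: verify_agate_der key.rsa cert.pem .certificates && rm key.rsa cert.pem
verify_agate_der() {
    pem_key=$1; pem_cert=$2; der_dir=$3

    for f in "$pem_key" "$pem_cert" "$der_dir/key.der" "$der_dir/cert.der"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
    done

    # The DER cert must be the same certificate: identical SHA-256 fingerprint.
    old_fp=$(openssl x509 -inform PEM -in "$pem_cert" -noout -fingerprint -sha256) || return 1
    new_fp=$(openssl x509 -inform DER -in "$der_dir/cert.der" -noout -fingerprint -sha256) || return 1
    [ "$old_fp" = "$new_fp" ] || { echo "cert.der differs from $pem_cert" >&2; return 1; }

    # Old key, new key and certificate must all carry the same public key.
    # A failed parse aborts here instead of comparing two empty strings.
    old_pub=$(openssl rsa -inform PEM -in "$pem_key" -pubout 2>/dev/null) || return 1
    key_pub=$(openssl rsa -inform DER -in "$der_dir/key.der" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -inform DER -in "$der_dir/cert.der" -noout -pubkey) || return 1
    [ "$old_pub" = "$key_pub" ] || { echo "key.der differs from $pem_key" >&2; return 1; }
    [ "$key_pub" = "$cert_pub" ] || { echo "key.der does not match cert.der" >&2; return 1; }

    # Private key: no group/other permission bits (columns 5-10 of ls -l).
    mode=$(ls -ld "$der_dir/key.der" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "key.der permissions too open" >&2; return 1; }

    # Fingerprint is unchanged by the conversion; print only the hex part.
    echo "${new_fp#*=}"
}
```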