1. Forum
  2. FidoNet
  3. SYNC SYSOPS

  • Reusing Let's Encrypt Certificate and Key

    From Amessyroom@1:103/705 to All on Sun Aug 4 14:14:25 2024
    I have certificates working with synchronet, but
    was wondering if there is away to export the
    generated cert and key to PEM format;
    so other tools on same server could use them.

    ctrl/ss.cert
    ctrl/letsencrypt.key

    ---
    þ Synchronet þ Too Lazy BBS - toolazy.synchro.net:2323
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Amessyroom on Sun Aug 4 16:43:52 2024
    Re: Reusing Let's Encrypt Certificate and Key
    By: Amessyroom to All on Sun Aug 04 2024 14:14:25

    I have certificates working with synchronet, but was wondering if there is away to export the generated cert and key to PEM format;
    so other tools on same server could use them.

    ctrl/ss.cert
    ctrl/letsencrypt.key

    I think the only existing method is to export pkcs12:

    jsexec certtool.js --export-pkcs12 /path/to/exported.p12

    You would then need to use some other tool to go to PEM:

    openssl pkcs12 -in /path/to/exported.p12 -out my.crt.pem -clcerts -nokeys openssl pkcs12 -in /path/to/exported.p12 -out my.key.pem -nocerts -nodes

    It's possible that the whole thing could be done in JS but I'd really need to dig through the crypto stuff to say and it's not my strong suit.

    You can also go the other way and manage your cert(s) outside of Synchronet. When I do this, I use nginx as a reverse proxy in front of my BBS (and other web servers), and whatever the usual Let's Encrypt tools are (certbot? can't remember).

    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Amessyroom@1:103/705 to echicken on Sun Aug 4 23:20:37 2024
    Re: Reusing Let's Encrypt Certificate and Key
    By: Amessyroom to All on Sun Aug 04 2024 14:14:25

    I think the only existing method is to export pkcs12:

    jsexec certtool.js --export-pkcs12 /path/to/exported.p12

    You would then need to use some other tool to go to PEM:

    openssl pkcs12 -in /path/to/exported.p12 -out my.crt.pem -clcerts -nokeys openssl pkcs12 -in /path/to/exported.p12 -out my.key.pem -nocerts -nodes

    This worked. Thanks.

    ---
    ï¿­ Synchronet ï¿­ Too Lazy BBS - toolazy.synchro.net:2323
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)