This issue is related to #436 where I initially commented. I was asked to create a new issue instead.
I tried using the certificates from Let's Encrypt so that I can ship encrypted HEPs to Homer, but with hepgen.js (which is an incredible test tool by the way!), I keep getting the following error: Error: key usage does not include certificate signing. openssl s_client reported 32 (key usage does not include certificate signing). I've tried different permutations of cert.pem, chain.pem, and fullchain.pem. None of them worked as I have expected the latter to be the most appropriate choice.
I was going crazy for a moment as I read that some certs won't be supported in some server configurations until I was able to confirm the feasibility with the help of ChatGPT. I created a proof-of-concept using minimal Golang code to run a non-HTTP server, which make use of Let's Encrypt certs, that receives plaintext (the message would be encrypted while in motion, of course) from a client using TLS.
I simply do not understand why we must use a private CA or why we must succumb to disabling TLS verification on the client's side. Is it a typical configuration to use a private CA for heplify-server?
If I've overlooked a solution that's been under my nose, then please point me in the right direction (thanks in advance). I've been on this issue for weeks now, but I'm out of time trying to put together a quick solution, and I've to move on to my next tasks.
This issue is related to #436 where I initially commented. I was asked to create a new issue instead.
I tried using the certificates from Let's Encrypt so that I can ship encrypted HEPs to Homer, but with
hepgen.js(which is an incredible test tool by the way!), I keep getting the following error:Error: key usage does not include certificate signing.openssl s_clientreported32 (key usage does not include certificate signing). I've tried different permutations of cert.pem, chain.pem, and fullchain.pem. None of them worked as I have expected the latter to be the most appropriate choice.I was going crazy for a moment as I read that some certs won't be supported in some server configurations until I was able to confirm the feasibility with the help of ChatGPT. I created a proof-of-concept using minimal Golang code to run a non-HTTP server, which make use of Let's Encrypt certs, that receives plaintext (the message would be encrypted while in motion, of course) from a client using TLS.
I simply do not understand why we must use a private CA or why we must succumb to disabling TLS verification on the client's side. Is it a typical configuration to use a private CA for
heplify-server?If I've overlooked a solution that's been under my nose, then please point me in the right direction (thanks in advance). I've been on this issue for weeks now, but I'm out of time trying to put together a quick solution, and I've to move on to my next tasks.