Certificate signing with an ePass2003

I have a fairly creative ssl setup on my webserver: I run my own ‘certificate authority’ which signs the server certificate; I have a bunch of alternative names specified; The CA certificate sits on an ePass 2003 PKI token. I’m writing down how I sign certificates in this context so I can use this to look up the procedure instead of spending hours in DuckDuckGo. This is more of a tutorial than elegant prose.

Users of PGP will be aware of the many keyservers around the web. has launched as an interesting alternative to the 'boring' and complicated keyservers. They provide an easy CLI client and web client (if you choose to share your private key - I didn't) for PGP crypto, where you don't need to know someone's key id - just their username on Twitter or GitHub.

OpenSC, Gentoo & Feitian ePass 2003

While playing with my ePass2003 on my Gentoo installation today, I had some trouble getting it to work. As it turned out, you need the following use flags enabled: # /etc/portage/package.use dev-libs/opensc pcsc-lite secure-messaging Hope this helps someone.