Welcome to my website. I've got a few services that I host. You can also email me at candle@utopple.com.

I also have my own set of keys/certs that you can use to make interacting with me more secure/easier.

I have my PGP key here (SHA256 hash, MD5 Hash).

I have my own SSL certificate authority for signing my SSL certificates. I've encrypted my signing cert here (SHA256 hash, MD5 Hash) with my PGP key (download my public key above to decrypt). In this way, I've essentially signed the signing cert with my PGP key, proving that it is indeed from me.

Before installing the signing cert, I urge you to first run openssl x509 -in utopple-ca.crt -noout -text to verify that there is a critical Name Constraints x509v3 extension that limits the CA certificate to .utopple.com and .shiningforcestation.com (my domains).

Also I have added my public PGP key as a TXT record under the pgp hostname in the DNS records for both domains to verify that these are indeed mine. dig +noall +answer pgp.utopple.com TXT You can run dig +noall +answer pgp.utopple.com TXT | sed "s/\\s//g" | sed 's/"//g' | sed 's/.*-----BEGINPGPPUBLICKEYBLOCK-----/-----BEGIN PGP PUBLIC KEY BLOCK-----/' | sed 's/-----ENDPGPPUBLICKEYBLOCK-----/-----END PGP PUBLIC KEY BLOCK-----/' | sed 's|\\010|\n|g' > utopple.pgp to download my public key from the TXT record and format it properly (write to the utopple.pgp file).

You should seek further information online. Installing a root certificate COULD allow the issuer (me) to snoop on any traffic secured using a certificate signed by that root certificate (if I were malicious), hence why you MUST ensure that my certificate ONLY is allowed to issue certificates for MY domains (since I can already snoop on the traffic, me being the owner of the server and all that).