AquaCubeIT.NetFloppy/Certificates/certs/README-certs.md

# Certificate Setup (Dev)

This backend requires **mutual TLS** (client certs). For local development, use the provided script:

```bash
cd certs
./gen-certs.sh            # creates CA, server cert (localhost), client cert, and server.pfx
```

Outputs:
- `ca.crt` — CA certificate. Embed this in the ESP32 firmware as `SERVER_CA_PEM`.
- `server.pfx` — for Kestrel (password: `CERT_PASSWORD`, defaults to `changeit`).
- `server.crt` / `server.key` — PEM versions.
- `client.crt` / `client.key` — sample device certificate (PEM) and `client.pfx`.
Initial created by ChatGPT 2025-08-25 19:56:30 +01:00			`# Certificate Setup (Dev)`

			`This backend requires mutual TLS (client certs). For local development, use the provided script:`

			```bash
			`cd certs`
			`./gen-certs.sh # creates CA, server cert (localhost), client cert, and server.pfx`
			```

			`Outputs:`
			- `ca.crt` — CA certificate. Embed this in the ESP32 firmware as `SERVER_CA_PEM`.
			- `server.pfx` — for Kestrel (password: `CERT_PASSWORD`, defaults to `changeit`).
			- `server.crt` / `server.key` — PEM versions.
			- `client.crt` / `client.key` — sample device certificate (PEM) and `client.pfx`.