Subj : Re: Chromium and self-signed certificates
To   : All
From : Lawrence D'Oliveiro
Date : Sat Aug 31 2024 23:30:32

On Sat, 31 Aug 2024 00:54:42 -0000 (UTC), bp wrote:

> The command to generate the self-signed certificate and key pair was
> openssl req -new -x509 -days 365 -sha3-512 -keyout host.key -out host.crt
> based on instructions from
> https://docs.freebsd.org/en/books/handbook/security/ combined with some
> private correspondence suggesting it worked correctly.

I had a look at those instructions, and they don’t mention how to
generate the actual CA cert. Having your own CA cert means you only
have to import it once into a browser (or other SSL/TLS client), and
it will thereafter trust all certs signed by this CA.

The procedure for being your own CA is a lot simpler in OpenSSL 3. I
have some notes here <https://gitlab.com/ldo/ssl_try_python/>.

--- SoupGate-Win32 v1.05
 * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)

.