On Wed, 15 Jun 2016, John R Pierce wrote: > On 6/15/2016 6:47 AM, Jerry Geis wrote: >> How do I get past this? I was looking to just self sign for https. > > in my admittedly limited experience with this stuff, you need to > create your own rootCA, and use that to sign your certificates, AND > you need to take the public key of the rootCA and import it into any > trust stores that will be used to verify said certificates. The EasyRSA scripts make creating and using your own Certificate Authority as painless as X.509 can be (which is to say, there will still be some pain). You can find them in the OpenVPN distribution tarball or at GitHub: https://github.com/OpenVPN/easy-rsa -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/