[CentOS] https and self signed

Wed Jun 15 17:43:26 UTC 2016
m.roth at 5-cent.us <m.roth at 5-cent.us>

John Hodrien wrote:
> On Wed, 15 Jun 2016, John R Pierce wrote:
>> On 6/15/2016 6:47 AM, Jerry Geis wrote:
>>>  How do I get past this? I was looking to just self sign for https.
>> in my admittedly limited experience with this stuff, you need to create
>> your own rootCA, and use that to sign your certificates, AND you need
to take
>> the public key of the rootCA and import it into any trust stores that will
>> be used to verify said certificates.
> If you don't do this, then there's no real point using SSL at all, and you
> *should* be forced to override security with arguments:
> wget --no-check-certificate
> curl --insecure

Or, maybe, you're working in a domain, and one upper level website is set
up with https-use-strict recursive, so it breaks *everything* below....
I'd like to be able to say "but not me" in the website configuration page
- maybe it just throws up a warning, to remind you to pull it when it goes
live, but for dev & test....

         mark, really tired of it breaking our *internal* documentation wiki
                   for me