[CentOS] https and self signed

Wed Jun 15 15:37:31 UTC 2016
Paul Heinlein <heinlein at madboa.com>

On Wed, 15 Jun 2016, John R Pierce wrote:

> On 6/15/2016 6:47 AM, Jerry Geis wrote:
>>  How do I get past this? I was looking to just self sign for https.
>
> in my admittedly limited experience with this stuff, you need to 
> create your own rootCA, and use that to sign your certificates, AND 
> you need to take the public key of the rootCA and import it into any 
> trust stores that will be used to verify said certificates.

The EasyRSA scripts make creating and using your own Certificate 
Authority as painless as X.509 can be (which is to say, there will 
still be some pain). You can find them in the OpenVPN distribution 
tarball or at GitHub:

   https://github.com/OpenVPN/easy-rsa

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/