Make it available to your clients, download and install it.
Make it available
cp rootCA.pem /var/www
# -- on your clientwget rootCA.pem # and install
Sign your certificates
And now, for every device that need to be signed (like your intranet website!)
Create a certificate
# -- on your device# create the device private keyopenssl genrsa -out device.key 4096
# create the certificate signing request# common-name is the most important field, this is what your browser will "certify"# if you website is www.example.com, then put "www.example.com"openssl req -new -key device.key -out device.csr
# -- on your server with your rootCAopenssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500
That’s it! Everytime you visit one of your website, you’ll never see again this warning!
Remember, every time you see this, a cat is suffering somewhere in the world, so contact the admin and explain that you love animals!
The quick and dirty tuto is over, if you want to make it better, read the following sources.