Welcome to the staging ground for new communities! Each proposal has a description in the "Descriptions" category and a body of questions and answers in "Incubator Q&A". You can ask questions (and get answers, we hope!) right away, and start new proposals.
Are you here to participate in a specific proposal? Click on the proposal tag (with the dark outline) to see only posts about that proposal and not all of the others that are in progress. Tags are at the bottom of each post.
Post History
What exactly are the steps to creating your own TLS certificates such that they create minimal error messages for users? For example, a simple self-signed certificate will trigger a lot of errors ...
#1: Initial revision
by
matthewsnyder
·
2024-03-04T16:40:11Z (9 months ago)
Proper way to create your own TLS certificates
What exactly are the steps to creating your own TLS certificates such that they create minimal error messages for users? For example, a simple self-signed certificate will trigger a lot of errors in many cases, and every time the certificate is rotated a new exception will need to be created. A better approach would be to create your own root CA certificate, and use this to sign the certificates you actually use. You would ask users to install the root CA as a one time step, and all browsers and programs should thereafter treat it as a "proper" certificate just like the real ones on the internet, with green checkmark on the lock icon and no nagging about TLS errors. You could also rotate the server cert without having to ask users to reinstall anything. What exactly are the steps for creating your own TLS certificate for a server (ie. without using any real CA organization), that will result in a smooth user experience?