I am generating a self-signed certificate for a development server but I need it to be trusted in order to use some of the tools that will be using the certificate.
This is what I have tried:
openssl req -newkey rsa:2048 -x509 -nodes -keyout /etc/ssl/private/server.key -new -out /etc/ssl/certs/server.crt -reqexts v3_req -extensions v3_req -config /vagrant/openssl.san.conf -sha256 -days 1825
ln --symbolic /etc/ssl/certs/server.crt /etc/pki/ca-trust/source/anchors/server.crt
update-ca-trust extract
I tried grepping the ca-bundle.crt
file for the contents of server.crt
after running the update-ca-trust command but it wasn't there.
I have also tried copying the file instead of making a symlink but that did not work either.
The certificate is created correctly and works for Apache but it produces the self-signed error:
[vagrant@localhost certs]$ curl --head https://localhost/ curl: (60) Issuer certificate is invalid. More details here: http://curl.haxx.se/docs/sslcerts.html
How can I trust my self-signed certificate on the command line on the server?