Generate a valid SSL/TLS certificate with own CA authority

Question

I want to setup my own private Certificate authority to issue SSL/TLS certificates using for example:

https://aws.amazon.com/private-ca/ or EJBCA, Dogtag, OpenXPKI etc.

I'm going to use the issued certificates for Tomcat web servers to serve web pages. The questions is is this custom certificate going to be a marked as properly signed by client web browsers? Or like self-signed it's going to be marked as invalid?

*"my own private Certificate authority"* already says it. It's your own and private - not a public one. That's why clients will not trust it. — Steffen Ullrich, Jul 07 '23 at 04:36

score 0 · Answer 1 · answered Aug 03 '23 at 06:50

By default, your own Root CA certificate will not be trusted by browsers. You will get a warning screen forcing you to click "continue anyway". However, you can install your Root CA certificate in the OS's and/or web browsers trust store as a trusted Root CA. This is what larger organizations that control their clients do, so they can use TLS on internal servers (without public DNS records) in a user friendly way.

Generate a valid SSL/TLS certificate with own CA authority

1 Answers1