自定义Web服务器和自签名证书

Question

First of all let me to say my knowledge of ssl and criptography protocols is very limited. Please be patient if I say something blatantly wrong :-) . Feel free to correct me!

I'm building a custom web server to be deployed inside an isolated local network; this is how I run my service (Python code):

ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain(certfile='mykey.crt', keyfile='mykey.key')
... client connects to https port 443 ...
ssl_sock = ssl_context.wrap_socket(sock, server_side=True)

This is how I generated mykey.crt and mykey.key files:

$ openssl genrsa -des3 -out mykey.orig.key 2048
$ openssl rsa -in mykey.orig.key -out mykey.key
$ openssl req -new -key mykey.key -out mykey.csr
$ openssl x509 -req -days 3650 -in mykey.csr -signkey mykey.key -out mykey.crt

So far so good, my webserver works very well. But I have go past the "not secure" warning that Firefox rightfully shove in my face.

I'd like to install my self-signed certificate in the few clients that are going access my web server in order to permanently avoid the warning.

I followed every single certificate installation guide I was able to find but I absolutely cannot get Firefox (and Chrome) accept my certificate. And I get no error message whatsoever from the browsers. I think I'm missing something in the certificate generation commands.

Somebody could help me? Thanks a lot!

Answer 1

self-signed certificate can uses only for tests. You have to get the certificate from an 'Accredited certification authority'

2) check please : self-signed certificate need to has next data: URL, address, name, email

3) you should use a certificate signed by a CA