For a bunch of internal projects I wanted to have proper ssl running that didn’t cause errors with self signed certificates and other invalid ssl issues. To manage this without the overhead of running some full CA software such as EJBCA or Dogtag i decided to do it with the tools that were already available on almost every Linux system. This was originally writtem several years ago in a text file on the USB sticks where I stored the CA offline but the documentation might be useful to other people. Most of this comes from https://jamielinux.com/docs/openssl-certificate-authority/ with a bit from a few other places.