For a bunch of internal projects I wanted to have proper ssl running that didn’t cause errors with self signed certificates and other invalid ssl issues. To manage this without the overhead of running some full CA software such as EJBCA or Dogtag i decided to do it with the tools that were already available on almost every Linux system. This was originally writtem several years ago in a text file on the USB sticks where I stored the CA offline but the documentation might be useful to other people. Most of this comes from https://jamielinux.com/docs/openssl-certificate-authority/ with a bit from a few other places.
This is just a quick note to save this useful bit of information. I may make in to a script one day or use it in something else. echo ''|openssl s_client -connect localhost:636 2>/dev/null | openssl x509 -noout -enddate | sed 's/^not.*\=//'