To generate a self-signed TLS certificate with OpenSSL, simply run a specific command that creates cert.key and cert.crt files. Although using this certificate will encrypt connections, browsers may not trust it, causing warnings when visiting websites that use self-signed certificates. One solution is to create a personal certificate authority (CA). Generate a private key and certificate for the CA, create a private key for the signed certificate, and generate a certificate signing request file along with a config file before obtaining a signed certificate from the CA. Make the CA trusted by the operating system or browser to ensure proper functionality. Specific instructions are provided for Ubuntu and Arch Linux, as well as for installing the root CA certificate in Firefox and Chromium, ensuring secure browsing.
https://previnder.com/tls-ca-linux/