So the documentation on generating a self signed cert is not correct. Isn't the key generated in that document technically the root CA?
Original Message From: Tomasz Sterna Sent: Tuesday, May 3, 2016 5:12 AM To: firstname.lastname@example.org Reply To: email@example.com Subject: Re: self signed cert W dniu 03.05.2016, wto o godzinie 02∶12 -0700, użytkownik li...@lazygranch.com napisał: > How exactly do I specify the cachain for a self signed cert. You need to put your root CA used to sign the cert to the CA certs store specified in 'cachain' option. This is to encourage deployments to stop using self-signed certs, of questionable security, and instead get a real cert. You can get real, widely accepted certs for free. > I get openssl error 18 meaning it can't be verified. Setting > verify-mode='0' didn't help. verify-mode sets how should the server verify client provided certificates. 0 (SSL_VERIFY_NONE) is the default.  https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_verify.html -- /o__ (_<^' I respect faith, but doubt is what gives you an education.