Some notes so maybe I don’t forget how SSL certs work again:

  • certificates are arranged in a chain from CA down
  • the CA cert is special only because it is at the top of the chain
  • you need to use the higher level cert to create lower level ones if you want them in the chain
  • if you don’t need a separate authority, you can just use a self signed cert as the trusted root certificate (synonymous with CA?)

This was a good resource, except for the fact that the certificate size is too small (1024); this needs to be bumped up.