I've made a web app for my admin-restricted phone accessible using a private DNS hack. We'll say when I go to "google.com" my private DNS will redirect it to my server so I can use the web app I've programmed. But because I'm using a DNS hack, there's no way of providing a secure HTTPS connection. My web app needs functionality that is only available with a secure HTTPS connection.
Then I heard about Custom CA certificates. If I understand correctly, I can create a CA certificate using OpenSSL on my server and install that on my phone which will get rid of the "this is not a trusted certificate" warning and allow me access to all HTTPS functions.
I'm a little out of my element as I'm mainly a web-developer but I appreciate any help I receive!
I've tried following several tutorials but nothing seems to be working. My Samsung phone keeps saying "This file can't be used as a CA certificate" Here's how I'm creating the cert:
Server running Debian 11
openssl genpkey -algorithm RSA -out server.key
openssl req -new -key server.key -out server.csr -config openssl.cnf -extensions v3_req
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo openssl pkcs12 -export -in server.crt -inkey server.key -out CA_cert.p12 -password pass:passy
and my openssl.cnf looks like:
[ req ]
default_bits = 2048
prompt = no
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
C = SE
ST = Stockholm
L = Stockholm
O = SMG
OU = SMG
CN = google.com
[ distinguished_name ]
C = SE
ST = Stockholm
L = Stockholm
O = SMG
OU = SMG
CN = google.com
[ v3_ca ]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
[ v3_req ]
basicConstraints = critical,CA:TRUE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment```