What changed since my last post on certificates

Since my last post almost two years ago I updated my homeserver significantly with new hardware. With this new hardware I am able to run a lot more services and thus grew the wish to access them by their own DNS name. With the wildcard certificate it was no problem to securely access them from any browser.

Things changed when I started integrating these into the Jenkins pipelines. I got the following error message:

Intention and original situation

The move to encryption everywhere is inevitable. Soon browsers (starting with Chrome) will be blocked unencrypted HTTP requests. Google announced this in a recent blog post. So in order to prepare for this, my own home server installation needs a proper CA and certificates.

Creating the certification authority

I chose to use my NAS as the host for the CA for now as openssl was already installed. For the CA I followed the excellent instructions from Jamie Nguyen (link). The detailed instructions I used to create the Root CA are detailed here:. Only the Root CA will be used so I chose the less strict policy and used