This only generates a CSR; Certificate Signing Request. That request has to be signed by a CA; Certificate Authority. The signed result is the actual certificate you use. You have to trust a CA, so anything it has signed can also be trusted to be valid. Normally you would use existing CAs, like Letsencrypt, Digisign, GoDaddy, GlobalSign, etc. You send them the CSR and they'll return a signed certificate (usually for a fee, some are free).
Now, a so-called "self-signed" certificate means you have generated and signed your own CA certificate. You can use that CA certificate to sign certificate requests.
Dear sirdice :
thanks. below is my step :
openssl req -days 365 -nodes -new -x509 -keyout ca.key -out ca.crt #----->generate person ca organize
openssl req -days 365 -nodes -new -keyout server.key -out server.csr #----->generate server csr and key
openssl x509 -req -days 365 -in server.csr -out server.crt -CA ca.crt -CAkey ca.key -CAcreateserial #----->generate server crt
but when i put the result in homeserver.yaml in below , i have still get errors same. thanks.
#30 line #
tls_certificate_path:server.crt
#31 line #
tls_private_key_path: server.key
File "/usr/local/lib/python3.11/site-packages/yaml/scanner.py", line 291, in stale_possible_simple_keys
raise ScannerError("while scanning a simple key", key.mark,
yaml.scanner.ScannerError: while scanning a simple key
in "homeserver.yaml", line 30, column 1
could not find expected ':'
in "homeserver.yaml", line 31, column 1