@nprofile1q... Thank you!

@nprofile1q... I love the music from Phantom; I think that my experience of Les Mis was coloured by sitting so fad back at the top!

@nprofile1q... This looks amazing!

@nprofile1q...

My phone runs Android.

I have services that I wish to access over TLS.

I want to reduce my dependency on Let's Encrypt.

(But also, a learning exercise.)

@nprofile1q... Wouldn't that be nice.

Along with hosting my own phone number allocation.

@nprofile1q... I won't lie, I am quite chuffed.

@nprofile1q... @nprofile1q... Yep, I might go down that line.

But tonight I am celebrating my openssl victory :)

@nprofile1q... Fun, learning, but also to have some valid, not self-signed (but still self-signed) certs for some bits and pieces.

But whether I stick with an openssl approach is an entirely different matter!

@nprofile1q... At this point, learning.

This is just phase 1 in my learning.

Phase 2 - which may not be immediate - will be about running my own CA capable of responding to ACME requests from certbot and similar.

@nprofile1q...

> the reasons that you're standing up your own CA

Attracting women, mainly.

Well bugger me.

I've:

- set up my own certificate authority
- created a CSR
- signed that CSR
- installed the resulting cert on a server
- configured apache2 to use it
- added my own root cert to my laptop and my Android phone
- configured Firefox on both my laptop and my phone to trust my root cert
- browsed to my website and got a working TLS connection, with no errors / warnings, using my own certificate authority

*And I've got how I did it with openssl written down.*

My goodness what a faff this was, and I'm not at all convinced that it is going to work with apps on Android.

But that is for Tomorrow Neil.