# https://stackoverflow.com/questions/59738140/why-is-firefox-not-trusting-my-self-signed-certificate
# generate all the certificates
# import certificate root-ca.crt in firefox
# in the config of traefik set the server.key and server.crt in the tls store 

openssl req -x509 -nodes \
 -newkey RSA:2048       \
 -keyout root-ca.key    \
 -days 365              \
 -out root-ca.crt       \
 -subj '/C=CH/ST=Denial/L=Earth/O=Crescentec/CN=root_CA_crescentec'

openssl req -nodes   \
 -newkey rsa:2048   \
 -keyout server.key \
 -out server.csr    \
 -subj '/C=CH/ST=Denial/L=Earth/O=Crescentec/CN=server_crescentec'

openssl x509 -req    \
 -CA root-ca.crt    \
 -CAkey root-ca.key \
 -in server.csr     \
 -out server.crt    \
 -days 365          \
 -CAcreateserial    \
 -extfile <(printf "subjectAltName = DNS:*.${LOCAL_DOMAIN}\nauthorityKeyIdentifier = keyid,issuer\nbasicConstraints = CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\nextendedKeyUsage=serverAuth")