Creating a new CA certificate and signing all your services’ certificates with it is obviously not enough, you also need to install your new root CA to all your devices.
Add the root CA to
update-ca-certificates (which builds a database that
is used by
wget and others).
there is an
Install from SD card entry. Select the CRT
file, give it a name. It’s not clea whether the “Certificate
use” actually is used: adding my root CA ås “VPN and
applications” lets the Android
mail application connect to my IMAP server.
Firefox / Thunderbird
These have their own trust store each, which means you
need to install it twice. In both cases,
Import. So simple.