Trying to set up self-signed certificates on other devices
To keep it short: I have a web server running (lighttpd on my Raspberry Pi), and I want to be able to connect over HTTPS to this IP from another device (PC - Arch). For this I am trying to just use self-signed certificates by creating a Certificate Authority and server certs.
Here is what I tried and my current setup:
192.168.1.218 (RPI):

```
#CA
openssl genrsa -aes256 -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3065 -out ca.crt
#Server
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile server.cfg
```
server.cfg contents:

```
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = 192.168.1.218
DNS.2 =
```
lighttpd config as per docs - https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL :

```
server.modules += ("mod_openssl")
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/server/server.crt"
    ssl.privkey = "/etc/lighttpd/ssl/server/server.key"
    proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => 8008 ) ) )
}
```
Once I had the setup in place, I copied ca.crt from RPI (192.168.1.218) to PC (192.168.1.36) and installed it in Arch following the docs: https://wiki.archlinux.org/title/User:Grawity/Adding_a_trusted_CA_certificate#System-wide_%E2%80%93_Arch,_Fedora_(p11-kit)
Now I try to connect using curl, but I get a certificate error:
```
curl https://192.168.1.218
curl: (60) SSL certificate problem: certificate is not yet valid
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
```
The same happens for **curl https://192.168.1.218 -cacert ca.crt**. Only using the **-k** option (insecure) am I able to connect and fetch a response successfully. Is there anything I have missed?
**RPI lighttpd version:**

```
lighttpd/1.4.69 (ssl) - a light and fast webserver (RPI)
```

**PC Arch curl version:**

```
curl 8.8.0 (x86_64-pc-linux-gnu) libcurl/8.8.0 OpenSSL/3.3.0 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.62.1 nghttp3/1.3.0
Release-Date: 2024-05-22
```
Asked by arizona525
(11 rep)
Jun 4, 2024, 09:55 AM
Last activity: Jun 4, 2024, 11:33 AM
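
The checks below are an added example, not part of the original question. The curl text "certificate is not yet valid" is OpenSSL reporting that a certificate's notBefore lies after the verifying client's clock, and the question's server.cfg lists the IP address under a DNS-type SAN entry; the script shows how `openssl verify -attime` and `openssl x509 -checkip` expose each condition. It assumes the `openssl` CLI is installed and works only on a constructed throwaway CA and two server certificates in a temp directory (the function names and file names are hypothetical).

```shell
#!/bin/sh
# Added diagnostic example. Every key, name and path here is a constructed throwaway.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT

# Throwaway CA, standing in for the question's ca.crt.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$DEMO/ca.key" \
    -out "$DEMO/ca.crt" -subj "/CN=Constructed Test CA" -days 30 2>/dev/null

issue() {  # $1 = output basename, $2 = subjectAltName value
    printf 'subjectAltName = %s\n' "$2" > "$DEMO/$1.cfg"
    openssl req -newkey rsa:2048 -nodes -keyout "$DEMO/$1.key" \
        -out "$DEMO/$1.csr" -subj "/CN=192.168.1.218" 2>/dev/null
    openssl x509 -req -in "$DEMO/$1.csr" -CA "$DEMO/ca.crt" -CAkey "$DEMO/ca.key" \
        -CAcreateserial -out "$DEMO/$1.crt" -days 30 -sha256 \
        -extfile "$DEMO/$1.cfg" 2>/dev/null
}
issue dns_san "DNS:192.168.1.218"   # SAN type used in the question's server.cfg
issue ip_san  "IP:192.168.1.218"    # iPAddress SAN, for comparison

# Verify the chain as a client whose clock reads epoch $2 would see it.
# Prints "ok", "not-yet-valid" or "other-failure".
chain_status_at() {  # $1 = server cert, $2 = epoch seconds
    out=$(openssl verify -CAfile "$DEMO/ca.crt" -attime "$2" "$1" 2>&1) || true
    case "$out" in
        *"not yet valid"*) echo not-yet-valid ;;
        *": OK"*)          echo ok ;;
        *)                 echo other-failure ;;
    esac
}

# Does the certificate carry an iPAddress SAN equal to $2? Prints "match" or "no-match".
ip_san_status() {  # $1 = server cert, $2 = IP address
    if openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match"; then
        echo match
    else
        echo no-match
    fi
}

NOW=$(date +%s)
echo "client clock correct:        $(chain_status_at "$DEMO/ip_san.crt" "$NOW")"
echo "client clock one day behind: $(chain_status_at "$DEMO/ip_san.crt" $((NOW - 86400)))"
echo "DNS-type SAN checked as IP:  $(ip_san_status "$DEMO/dns_san.crt" 192.168.1.218)"
echo "IP-type SAN checked as IP:   $(ip_san_status "$DEMO/ip_san.crt" 192.168.1.218)"
```

Against real files, `openssl x509 -in server.crt -noout -dates` compared with `date -u` on each machine shows whether the two clocks disagree.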