Self-signed certificate is generated by openssl utility. CA.crt and intermediate.crt are added to /etc/pki/ca-trust/source/anchors/ and /usr/share/pki/ca-trust-source/anchors/ on my client host(Fedora) I do #sudo update-ca-trust Server side (nginx) certs are added curl works tuy@tuy:~$ curl https://www-1.example.com Welcome to nginx! body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

tuy@tuy:~$ firefox https://www-1.example.com Warning: Potential Security Risk Ahead Firefox detected a potential security threat and did not continue to https://www-1.example.com . If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details. In browser certificate autority list my CA and intermediate exist WTF?