To ensure system-wide trust for the self-signed certificate I use on my intranet server, I added an exception for it in Firefox, but this is not possible in other applications such as Chrome, console apps, and IDEs.

Therefore, I want the certificate to be trusted system-wide, and the recommended approach seems to be installing it as a root CA.

However, I’m concerned that whoever controls the self-signed certificate could potentially use it to sign forged certificates for any site on my machine, which is not what I want. I only need the single intranet server to be self-signed, not all services I use.

What is the recommended approach for dealing with intranet TLS in this situation?
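The concern in the question, worked through as an added example (not part of the original post and not an answer from it): a private CA with a critical nameConstraints extension is trusted system-wide, yet its key can only produce certificates that validate for names under one intranet domain. The script builds such a CA, issues one legitimate intranet certificate and one "forged" certificate for an outside name with the same CA key, and runs path validation on both. It assumes the openssl CLI (1.1.1 or 3.x) is in PATH; the names intranet.example, server.intranet.example and www.bank.example are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes the openssl CLI
# (1.1.1 or 3.x) is installed; intranet.example, server.intranet.example and
# www.bank.example are hypothetical placeholder names.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# 1. A private root CA whose nameConstraints permit only DNS names under
#    .intranet.example. Anything else issued with its key fails path
#    validation, even though the CA itself sits in the trust store.
make_constrained_ca() {
    cat > "$WORK/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[dn]
CN = Intranet Root CA (example)
[ca_ext]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
nameConstraints = critical, permitted;DNS:.intranet.example
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
        -config "$WORK/ca.cnf" -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# 2. Issue an end-entity certificate for hostname $1 (as CN and SAN), written
#    to $WORK/$2.crt and signed with the CA key. This is the shape a server
#    certificate should have: CA:FALSE, serverAuth, SAN present.
issue_leaf() {
    host="$1"; name="$2"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
    printf '%s\n' \
        'basicConstraints = CA:FALSE' \
        'keyUsage = digitalSignature, keyEncipherment' \
        'extendedKeyUsage = serverAuth' \
        "subjectAltName = DNS:$host" > "$WORK/$name.ext"
    openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 365 -extfile "$WORK/$name.ext" \
        -out "$WORK/$name.crt" 2>/dev/null
}

# 3. Path validation the way an OpenSSL-based client does it: chain the
#    certificate $WORK/$1.crt to the CA and match hostname $2.
#    Returns 0 when the certificate is accepted, non-zero otherwise.
verify_leaf() {
    openssl verify -CAfile "$WORK/ca.crt" -verify_hostname "$2" \
        "$WORK/$1.crt" >/dev/null 2>&1
}

make_constrained_ca
issue_leaf server.intranet.example srv     # the legitimate intranet server
issue_leaf www.bank.example forged         # same CA key, name outside the constraint

if verify_leaf srv server.intranet.example; then
    echo "server.intranet.example: accepted"
fi
if verify_leaf forged www.bank.example; then
    echo "www.bank.example: accepted (name constraints NOT enforced by this openssl)"
else
    echo "www.bank.example: rejected (permitted subtree violation)"
fi
```

The second `openssl verify` is the check to keep: it confirms that the CA you are about to install cannot vouch for names outside the permitted subtree, at least for OpenSSL-based clients. `openssl x509 -in ca.crt -noout -text` shows the constraint in the certificate. Before relying on this system-wide, run the same forged-certificate test against every client that matters to you (browser, IDE, language runtime), since enforcement of nameConstraints is done by each client's validation library, not by the trust store.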

