Here you go, I've cooked up these commands to make it easier for everyone to generate the appropriate CA directly from the terminal by just copy pasting this ( Big LOL ) one liner:
Code:
cat /etc/openssl.cnf > /jffs/openssl.cnf && sed -i "/\[ v3_ca \]/aextendedKeyUsage = serverAuth" /jffs/openssl.cnf && openssl genrsa -out ca.key 2048 && openssl req -key ca.key -new -x509 -days 825 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA" -config /jffs/openssl.cnf && rm /jffs/openssl.cnf
Flow Chart of the commands:
Step 1: It'll make a copy of /etc/openssl.cnf file to /jffs to make it writeable.
Step 2: It'll do the required changes in the copied file and add the EKU flag.
Step 3: It'll create the key.
Step 4: It'll generate the Root CA.
Step 5: It'll delete the openssl.cnf file copy from /jffs since it's no longer needed.
P.S I know there might be dozens of different ways to write these commands but since it's just a one time task I didn't really waste my time in finding the most efficient way.
P.S.S Also if your household don't have any Apple device you don't really need to do anything for now.