John Oliver wrote:

At some point, when I have time, I'd love to learn enough about this to create a working CA, and generate certificates with it, and do everything "right". But if I try to do this "right", right now, I'm far more likely to wind up with no working authentication at all.

It's simply waste of time to mess around with self-signed server certs if you have several of them. There are small CA open source software packages and script collections out there.

Ciao, Michael.