Openssl can do everything.

That’s right, but instead of the word derived we use “issued”

Correct certs get old by design, they can also be revoked. As another commenter mentioned the biggest pain is actually in the redistribution of these end certificates. In enterprise this is all managed usually with the same software they use for deployment or have auto enrollment configured.

You should find tons of guides just take it slow to understand it all. Understanding certificates in depth is a rare and good skill to have. Most sysadmins I come across are scared to death of certificates.

I do too. For some reason people usually run away.

No, because it’s no longer dangerous if it’s trusted.

You give your friends your public root and if applicable, intermediary certs. They install them and they now trust any certs issued by your CA.

Source: I regularly build and deploy CA’s in corps

Connect is great, extensive filtering available. I use it as my main and jerboa as backup.

I haven’t looked in awhile, how was the process of migrating watch history or did you not bother?

deleted by creator

Same experience here, I started with a VM and then got hooked. Now I daily drive it as well.

It sort of turned my desktop from something I didn’t ever want to mess with to feeling free to tinker with whatever I want.

I’ve fallen in love doing things in a portable way and continually try new things with nix-shell -p program --run program