Auto-generate certificate

[wvengen]

Right now, one needs to run a shellscript to generate a certificate.
This could be done by the program itself.

e.g. https://stackoverflow.com/a/60804101

[wvengen]

Currently a CA is created, the localhost-certificate is generated, and the CA's private key is removed (by default).
If browsers accept a self-signed certificate for an IP address, the CA step could be skipped, removing some complexity.

[wvengen]

The option to automatically add it to the CA trust list could be useful for users.
Even when added to the system trust store, it's not clear if browsers will pick this up (I think Chrome doesn't, for example, unless it is told to do so - then one can just as well import the certificate file).

https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list
https://superuser.com/questions/1430089/how-to-add-a-self-signed-ssl-certificate-to-linux-ubuntu-alpine-trust-store
https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

[wvengen]

p.s. on Firefox, it looks like one can add an exception for an unrecognized certificate, and get it to work, perhaps even without adding it to the trust store; that would be an easier route (but subject to breakage in the future, it browser behaviour changes)

[wvengen]

Adding private CA for Firefox (a bit involved though): https://wiki.debian.org/Firefox/PrivateCertificateAuthority