local SSL certificates, running X-Server application with WSL2, hopes and fears

Even though this was a Sunday, I spent much way more time on my laptop than I intended to. Bringing a client project back up on my new environment, figuring out how this works on Windows, trying to decide whether things are better be done inside WSL2 or on Windows, etc. I’m not convinced whether I really learned that much.

I have created self-signed certificates and Certificate Authorities on macOS, Linux and now Windows 10 within the past 2 years and even though it’s somewhat the same process, the overall thing seems so tedious:

  1. create the CA key
  2. create the CA certificate
  3. trust the CA certificate
  4. create the domain key
  5. create the domain certificate signing request
  6. create the domain certificate

And then go back and fix whatever assumptions the tutorial you used made and pull your hair out trying to fix them. One of them—and it’s not new to me but still makes me mad—is the chromium error code NET::ERR_CERT_COMMON_NAME_INVALID, when browsers haven’t been using the Common Name in years. To make a long story short: This is one aspect of my work I want a “two-click”-solution to. I want to create a CA and trust it, and then I want to create SSL certificates and trust those, cross-platform without having to deep-dive into CA-stores and whatnot.


On to the things I’ve learned today: Running X-Server applications on Windows 10 with WSL2 and VcXSrv. This tutorial to set up vcxsrv worked for me. The applications looked horrible though but this SuperUser answer fixed that. I’m not running WSL2 for the GUI application, but if you really need something that’s not available the above works fine.


Lastly, I learned and thought about the connection between hopes and fears and how they’re two sides of the same coin. If you want to get rid of your fears, you also need to get rid of your hopes.