@Antibiotic glad you got it sorted.. The only bad thing is browsers now complain about long life certs.. I think something like 398 days or something max..
Used to be able to create a cert good for 10 years, and have no worries most likely for the life of the equipment you were using it on.. Now you have to renew it every year or so..
Now that you have a CA your browser trusts you can sign certs with it for all your devices that use a webgui.. So you can get your browser to stop complaining for stuff like switches, printers, other software.. My nas and unifi controllers' webguis all use certs signed by my home CA..
Since you're using your own CA you can create certs for any domain you want to use, home.arpa for example - or the new .internal that is also intended for local use. You can add RFC 1918 IPs in the SAN so that even when you access via IP vs fqdn your browser won't complain.
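An added example, not part of the post above and not the poster's own setup: issuing a device cert from a private CA with both an FQDN and an RFC 1918 address in the SAN, then checking the chain and that the lifetime stays under the 398 days mentioned in the post. It assumes the `openssl` command-line tool; the function names, `nas.home.arpa`, `192.168.1.10`, the CA name and the 397-day lifetime are constructed for illustration.

```shell
# Added example: hostnames, IP, CA name and lifetimes are constructed placeholders.
set -eu
# issue_leaf DIR FQDN IP DAYS: make a throwaway CA in DIR and sign one leaf cert.
issue_leaf() {
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Home CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  cat > "$1/leaf.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[leaf_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2,IP:$3
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$1/leaf.cnf" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days "$4" -extfile "$1/leaf.cnf" \
    -extensions leaf_ext -out "$1/leaf.crt" 2>/dev/null
}
# Print the leaf's SAN entries (DNS name plus IP address).
leaf_san() {
  openssl x509 -in "$1/leaf.crt" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}
# Succeed only if the leaf chains to the CA and expires in under 398 days.
leaf_ok() {
  openssl verify -CAfile "$1/ca.crt" "$1/leaf.crt" >/dev/null 2>&1 &&
    ! openssl x509 -in "$1/leaf.crt" -noout -checkend $((398 * 86400)) >/dev/null
}
demo=$(mktemp -d)
issue_leaf "$demo" nas.home.arpa 192.168.1.10 397
leaf_san "$demo"
leaf_ok "$demo" && echo "chain verifies, lifetime under 398 days"
```

Only `ca.crt` goes into the browser or OS trust store; `ca.key` stays on the machine that does the signing, and each device gets its own `leaf.key` and `leaf.crt`.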