is absolutely correct, so how to explain this simply...
What does it take to be a trusted root authority?
Condition 1) A trusted entity that every PC, Mac, Chrome web browser, Internet Explorer, Firefox, and so on can trust.
Condition 2) Rigorous oversight from both private enterprises and governments to ensure secure storage of private keys used to sign other certs.
Condition 3) Root Certificates are pre-loaded in the factory into all browsers and/or operating systems.
Is wolfSSL such a trusted organization? Answer is no. Why not? Because wolfSSL isn't known by everyone and certs we create are not sent to the factory for loading into every browser and OS. wolfSSL is not subject to rigorous oversight from both the government and private corporations who want to ensure there is no possible way that our private keys could be stolen and result in certs issued with a compromised key. So who would be a trusted organization that could sign my cert so every device trusts my cert? Answers are:
Comodo, Symantec, GoDaddy, ... list here: https://en.wikipedia.org/wiki/Certificate_authority
@aschen0866 - thank you for the excellent explanation. Now I have some questions for wolfSSL.
There are configuration options for wolfSSL that suggest the certs can be created within Harmony/wolfSSL (see attached). There is no documentation explaining those options, so I will have to contact wolfSSL and report back later.
Yes, wolfSSL can be used to create certs for testing purposes, but like you mentioned in the opening, you'll have to jump through some hoops to get your browser to trust those certs. You can also use wolfSSL to create a Certificate Signing Request (CSR) like @aschen0866 mentioned. You would then send that CSR to Comodo, or Symantec, or GoDaddy... and pay a fee (I think they charge on a yearly basis) to have your cert be signed by one of the universally trusted Root Authorities! That cert will be good for the amount of time you pay for, and every browser, PC, smart phone, etc. that comes pre-loaded with root certificates from the factory will automatically trust your cert, since those devices all have a copy of the Root CA cert whose associated private key ultimately signed your certificate.
I was actually just writing an explanation on this topic the other day. Once we have the document edited and posted on our website, I'll update this post with a link.
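The trust relationship discussed in this thread, as an added example that is not part of the original posts: a device certificate is created from a CSR, signed by a root, and then accepted only by a verifier that already holds that root. It uses the `openssl` command line rather than wolfSSL, and assumes `openssl` is installed; the names Demo Test Root, Unrelated Root and device.example.test are made up.

```shell
#!/bin/sh
# Constructed demo. Every name below (Demo Test Root, Unrelated Root,
# device.example.test) is made up; nothing here talks to a real CA.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # throwaway keys, removed on exit

# Create a self-signed root: $1 = file prefix, $2 = common name.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

make_chain() {
    # The root that will sign, plus a second root standing in for a trust
    # store that only holds other CAs.
    make_root root "Demo Test Root" || return 1
    make_root other "Unrelated Root" || return 1
    # Device key and CSR. Only the CSR (subject + public key) is sent to
    # the CA; device.key never leaves the device.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=device.example.test" \
        -keyout "$WORK/device.key" -out "$WORK/device.csr" 2>/dev/null || return 1
    # The CA signs the CSR with the root's private key.
    openssl x509 -req -in "$WORK/device.csr" -days 30 \
        -CA "$WORK/root.crt" -CAkey "$WORK/root.key" -CAcreateserial \
        -out "$WORK/device.crt" 2>/dev/null
}

# Verify the device cert with one root loaded as trusted: $1 = file prefix.
# Returns 0 only if openssl can build a chain to a root it trusts.
verify_device() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/device.crt" >/dev/null 2>&1
}

make_chain || { echo "setup failed" >&2; exit 1; }
if verify_device root; then echo "verifier holding the signing root: trusted"; fi
if ! verify_device other; then echo "verifier holding only another root: rejected"; fi
```

The second result is what a browser reports for a test cert signed by a private root: the signature is valid, but the root is not in its pre-loaded store.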