如何信任CentOS 7/8上的自签名SSL？

我正在本地主机上为nginx使用自签名证书。我正在使用OpenSSL的最新版本来实现这一点。这是配置文件

localhost.conf

[req]
default_bits       = 2048
default_keyfile    = localhost.key
distinguished_name = req_distinguished_name
req_extensions     = req_ext
x509_extensions    = v3_ca

[req_distinguished_name]
countryName                 = Country Name (2 letter code)
countryName_default         = US
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = Rochester
localityName                = Locality Name (eg, city)
localityName_default        = Rochester
organizationName            = Organization Name (eg, company)
organizationName_default    = localhost
organizationalUnitName      = organizationalunit
organizationalUnitName_default = Development
commonName                  = Common Name (e.g. server FQDN or YOUR name)
commonName_default          = localhost
commonName_max              = 64

[req_ext]
subjectAltName = @alt_names

[v3_ca]
subjectAltName = @alt_names

[alt_names]
DNS.1   = localhost
DNS.2   = 127.0.0.1

我使用的命令如下：

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf -passin pass:YourSecurePassword

将生成一个新的localhost.pfx文件。然后我运行下面的命令来生成证书和私钥

sudo openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt

现在，我在CENTOS 8上使用nginx在本地主机服务器上使用私钥和证书。当我卷曲进入主机，即，我得到以下错误

curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

现在，我将localhost.crt文件放入

/etc/pki/ca trust/source/anchors文件夹中，并运行以下命令：

update-ca-trust enable
update-ca-trust extract

然而，服务器仍然给我同样的错误！如何信任自签名SSL证书