This is on a local area network (LAN). There is no internet connection. One admin has admin access to both the Linux server and the Windows 10 PCs.
I have a Linux server running third-party software to establish an over-the-network OpenGL remote visualization connection.
The Win10 PCs, as the clients, connect to the server using a web browser or with the vendor's portable client. The default configuration is to connect via https://myserver:8443 using the browser.
In doing so with a browser one gets the traditional "your data is at risk" warning, or in Firefox "Warning: Potential Security Risk Ahead". Then you click on Advanced and say "Accept the Risk and Continue", which (correct me if I'm wrong) establishes a not-secure HTTPS connection.
I start by trying to create a self-signed certificate:
openssl req -x509 -newkey rsa:4096 -keyout private.pem -out public.pem -days 365
and, per my software's instructions, put these two PEM files under their folder /etc/dcv/, and the software will use them instead of automatically generating a self-signed certificate to secure the traffic. However, I am not sure what the ownership and permissions on these files should be (I thought private.pem was important to protect).
This is where I hit a wall.
I found how to combine the private.pem and public.pem files into a PKCS#12 (P12) bundle:
openssl pkcs12 -inkey private.pem -in public.pem -export -out certificate.p12
However, I am prompted to password-protect this certificate.p12 file, and then I can import it into my web browser, having to type the password to do so. That seemed to make a secure HTTPS connection work one time, because there was no red padlock, it was green, but I feel like at this point I am doing something wrong. It feels wrong to bundle private.pem with public.pem and distribute it? Do I need to import anything into my client PCs' browsers under Trusted Root Authorities? If someone can explain in practical terms how it should be done for this kind of LAN scenario, it would be much appreciated. I am not looking to do anything official such as purchase a certificate; it's just a few computers on a LAN with no internet connection.
0 Answers