Comment

Comment on How do I use HTTPS on a private LAN without self-signed certs?

<- View Parent

WhyJiffie@sh.itjust.works ⁨2⁩ ⁨months⁩ ago

browsers complain less, and some apps (like HomeAssistant Android) only accept that

source

Sort:hotnew top

False@lemmy.world ⁨2⁩ ⁨months⁩ ago
Trust the self signed cert. Works similarly to trusting a CA.

source
- IanTwenty@lemmy.world ⁨2⁩ ⁨months⁩ ago
  Not on Firefox, some site functionality is disabled: medium.com/…/the-ultimate-newbie-guide-for-self-s…
  
  source
- WhyJiffie@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
  for every single subdomain, on desktop. firefox mobile does bot even remember the decision. HA Android straight out refuses it, and thats not a local problem but a relatively known problem in the community
  
  source
  - False@lemmy.world ⁨2⁩ ⁨months⁩ ago
    Import it into the trust store in the browser/OS. It should be the same operation for a self-signed cert and a CA that isn’t subordinate to the standard internet root CAs.
    
    If you can’t import your own root CA cert then you’re probably screwed on both fronts and are going to have to use a public CA that’s subordinate to a commonly trusted root CA.
    
    source
  - N0x0n@lemmy.ml ⁨2⁩ ⁨months⁩ ago
    Just create a wildcard domain certificate !
    
    I access all my services in my lan through https://servicename.home.lab/ I just had to add the rootCA certificat (actually the intermediate certificate) into my trust store on every device. That’s what they actually do, just in automated way !
    
    Never had an issue to access my services with my self-signed certs, neither on Android, iOS, windows, linux ! Everything served from my server via my reverse proxy of choice (Treafik).
    
    However I do remember that there was something of importance to make my Android device accept the certificate (something in certificate itself and the extension).
    
    If you’re interested I can send you the snipped of a book to fully host your own CA :). It’s a great read and easy to follow !
    
    source
    WhyJiffie@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
    
    Just create a wildcard domain certificate !
    
    that’s what I do already, but yeah I haven’t added it to the trust store so far, only on linux for git and curl
    
    If you’re interested I can send you the snipped of a book to fully host your own CA :). It’s a great read and easy to follow !
    
    that would be interesting, thanks for the offer. but according to plan I don’t want to host a full-on CA, just make the CA cert, store them at a restricted place, and build other certs on top of it for use by nginx
    
    source
    -> View More Comments