Comment on How do I use HTTPS on a private LAN without self-signed certs?

• False@lemmy.world ⁨1⁩ ⁨week⁩ ago

  Import it into the trust store in the browser/OS. It should be the same operation for a self-signed cert and a CA that isn’t subordinate to the standard internet root CAs.

  If you can’t import your own root CA cert then you’re probably screwed on both fronts and are going to have to use a public CA that’s subordinate to a commonly trusted root CA.

  source
• N0x0n@lemmy.ml ⁨1⁩ ⁨week⁩ ago

  Just create a wildcard domain certificate !

  I access all my services in my lan through https://servicename.home.lab/ I just had to add the rootCA certificat (actually the intermediate certificate) into my trust store on every device. That’s what they actually do, just in automated way !

  Never had an issue to access my services with my self-signed certs, neither on Android, iOS, windows, linux ! Everything served from my server via my reverse proxy of choice (Treafik).

  However I do remember that there was something of importance to make my Android device accept the certificate (something in certificate itself and the extension).

  If you’re interested I can send you the snipped of a book to fully host your own CA :). It’s a great read and easy to follow !

  source

  • WhyJiffie@sh.itjust.works ⁨1⁩ ⁨week⁩ ago

    Just create a wildcard domain certificate !

    that’s what I do already, but yeah I haven’t added it to the trust store so far, only on linux for git and curl

    If you’re interested I can send you the snipped of a book to fully host your own CA :). It’s a great read and easy to follow !

    that would be interesting, thanks for the offer. but according to plan I don’t want to host a full-on CA, just make the CA cert, store them at a restricted place, and build other certs on top of it for use by nginx

    source

    • N0x0n@lemmy.ml ⁨1⁩ ⁨week⁩ ago

      If you change your mind someday, just send me a PM !

      source