Comment on How do I use HTTPS on a private LAN without self-signed certs?
N0x0n@lemmy.ml 1 week ago
Just create a wildcard domain certificate!
I access all my services in my lan through https://servicename.home.lab/
I just had to add the rootCA certificate (actually the intermediate certificate) into my trust store on every device. That’s what they actually do, just in an automated way!
Never had an issue accessing my services with my self-signed certs, neither on Android, iOS, Windows, nor Linux! Everything is served from my server via my reverse proxy of choice (Traefik).
However, I do remember that there was something of importance to make my Android device accept the certificate (something in the certificate itself and the extension).
If you’re interested I can send you the snippet of a book to fully host your own CA :). It’s a great read and easy to follow!
WhyJiffie@sh.itjust.works 1 week ago
that’s what I do already, but yeah I haven’t added it to the trust store so far, only on linux for git and curl
that would be interesting, thanks for the offer. but according to plan I don’t want to host a full-on CA, just make the CA cert, store them at a restricted place, and build other certs on top of it for use by nginx
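The workflow discussed in the two comments above (one CA certificate kept in a restricted place, a wildcard certificate for `*.home.lab` signed by it for the reverse proxy), as an added example that is not part of either comment. The file names, validity periods, EC P-256 keys and the `build_pki` / `check_host` helper names are assumptions; only `home.lab` comes from the thread.

```shell
#!/bin/sh
# Added example: minimal offline CA plus one wildcard leaf certificate.
# Assumptions: file names, lifetimes, EC P-256 keys. home.lab is from the thread.
set -eu

build_pki() (            # $1 = output directory; body runs in a subshell
  umask 077              # private keys readable by their owner only
  cd "$1"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Home Lab Root CA (example)
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:*.home.lab,DNS:home.lab
EOF
  # Root CA: self-signed, may only sign end-entity certs (pathlen:0).
  # -nodes keeps the demo non-interactive; drop it to passphrase-protect ca.key.
  openssl req -x509 -config pki.cnf -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
    -nodes -sha256 -days 3650 -keyout ca.key -out ca.crt 2>/dev/null
  # Leaf key + CSR; clients match the hostname against subjectAltName, not CN.
  openssl req -new -config pki.cnf -subj "/CN=*.home.lab" -newkey ec \
    -pkeyopt ec_paramgen_curve:prime256v1 -nodes -keyout leaf.key -out leaf.csr 2>/dev/null
  # Sign with the CA; only leaf.key and leaf.crt need to reach the web server.
  openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -sha256 -days 397 -extfile pki.cnf -extensions v3_leaf -out leaf.crt 2>/dev/null
)

check_host() {           # $1 = directory, $2 = hostname a client would connect to
  out=$(openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/leaf.crt" 2>&1) || return 1
  case "$out" in *": OK"*) return 0 ;; *) return 1 ;; esac
}

OUT=$(mktemp -d)
build_pki "$OUT"
check_host "$OUT" servicename.home.lab && echo "servicename.home.lab: trusted"
check_host "$OUT" a.b.home.lab || echo "a.b.home.lab: rejected (wildcard covers one label)"
```

Devices only need `ca.crt` in their trust store; `ca.key` never has to leave the restricted location, and the leaf can be reissued from it when it expires.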
N0x0n@lemmy.ml 1 week ago
If you change your mind someday, just send me a PM!