• lemmyvore
    link
    fedilink
    English
    2711 months ago

    If you mean properly signed certificates (as opposed to self-signed) you’ll need a domain name, and you’ll need your LAN DNS server to resolve a made-up subdomain like lan.domain.com. With that you can get a wildcard Let’s Encrypt certificate for *.lan.domain.com and all your https://whatever.lan.domain.com URLs will work normally in any browser (for as long as you’re on the LAN).

    • @[email protected]
      link
      fedilink
      English
      2411 months ago

      Right, main point of my comment is that .internal is harder to use that it immediately sounds. I don’t even know how to install a new CA root into Android Firefox. Maybe there is a way to do it, but it is pretty limited compared to the desktop version.

      • @[email protected]
        link
        fedilink
        English
        811 months ago

        You can’t install a root CA in Firefox for android.

        You have to install the cert in android and set Firefox to use the android truststore.

        You have to go in Firefox settings>about Firefox and tap the Firefox logo for a few times. You then have a hidden menu where you can set Firefox to not use its internal trust store.

        You then have to live with a permanent warning in androids quick setting that your traffic might be captured because of the root ca you installed.

        It does work, but it sucks.

      • lemmyvore
        link
        fedilink
        English
        611 months ago

        This is not a new problem, .internal is just a new gimmick but people have been using .lan and whatnot for ages.

        Certificates are a web-specific problem but there’s more to intranets than HTTPS. All devices on my network get a .lan name but not all of them run a web app.

      • @[email protected]
        cake
        link
        fedilink
        English
        111 months ago

        You do not have to install a root CA if you use let’s encrypt, their root certificate is trusted by any system and your requested wildcard Certificate is trusted via chain of trust

        • @[email protected]
          link
          fedilink
          English
          1211 months ago

          That’s if you have a regular domain instead of.internal unless I’m mixing something. Topic of thread is .internal as if it were something new. Using a regular domain and public CA has always been possible.

        • @[email protected]
          link
          fedilink
          English
          111 months ago

          No one is saying it is their job.

          Merely that using a TLD like .internal requires some consideration regarding ssl certificates.

            • @[email protected]
              link
              fedilink
              English
              211 months ago

              Because people can discuss whatever they like?

              If you don’t like it just down vote it.

            • JackbyDev
              link
              fedilink
              English
              111 months ago

              People can talk about whatever they want whenever they want. The discussion naturally went to the challenges of getting non-self-signed certificates for this new TLD. That’s all.