• @[email protected]
    2411 months ago

    Right, main point of my comment is that .internal is harder to use than it immediately sounds. I don’t even know how to install a new CA root into Android Firefox. Maybe there is a way to do it, but it is pretty limited compared to the desktop version.

    • @[email protected]
      811 months ago

      You can’t install a root CA in Firefox for Android.

      You have to install the cert in Android and set Firefox to use the Android truststore.

      You have to go to Firefox Settings > About Firefox and tap the Firefox logo a few times. You then have a hidden menu where you can set Firefox to not use its internal trust store.

      You then have to live with a permanent warning in Android’s quick settings that your traffic might be captured because of the root CA you installed.

      It does work, but it sucks.

    • lemmyvore
      611 months ago

      This is not a new problem, .internal is just a new gimmick but people have been using .lan and whatnot for ages.

      Certificates are a web-specific problem but there’s more to intranets than HTTPS. All devices on my network get a .lan name but not all of them run a web app.

    • @[email protected]
      111 months ago

      You do not have to install a root CA if you use Let’s Encrypt. Their root certificate is trusted by any system and your requested wildcard certificate is trusted via chain of trust.

      • @[email protected]
        1211 months ago

        That’s if you have a regular domain instead of .internal, unless I’m mixing something up. Topic of thread is .internal as if it were something new. Using a regular domain and public CA has always been possible.

      • @[email protected]
        111 months ago

        No one is saying it is their job.

        Merely that using a TLD like .internal requires some consideration regarding SSL certificates.

          • @[email protected]
            211 months ago

            Because people can discuss whatever they like?

            If you don’t like it just downvote it.

          • JackbyDev
            111 months ago

            People can talk about whatever they want whenever they want. The discussion naturally went to the challenges of getting non-self-signed certificates for this new TLD. That’s all.
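The comments above about having to install a private root CA on each client can be reproduced offline with `openssl`. This is an added example, not part of any comment in the thread: the CA names (`internal-root`, `other-root`) and the host `nas.home.internal` are constructed, and `other-root` stands in for a device trust store that has never seen the private root.

```shell
#!/usr/bin/env bash
# Added example. CA names and the hostname are constructed for illustration.

# Create a self-signed root CA. This .crt is what each client must import.
make_root() {  # $1 = dir, $2 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Issue a leaf certificate for a hostname, signed by the named root.
make_leaf() {  # $1 = dir, $2 = CA name, $3 = hostname
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  # Clients match the hostname against subjectAltName, not the CN.
  printf 'subjectAltName=DNS:%s\n' "$3" > "$1/$3.ext"
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -extfile "$1/$3.ext" \
    -out "$1/$3.crt" 2>/dev/null
}

# Succeeds only if the leaf chains to a root present in the trust bundle.
trusts() {  # $1 = trust bundle (PEM), $2 = leaf certificate
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
  local d host=nas.home.internal
  d=$(mktemp -d)
  make_root "$d" internal-root   # the private CA for .internal names
  make_root "$d" other-root      # stand-in for an unmodified trust store
  make_leaf "$d" internal-root "$host"

  if trusts "$d/other-root.crt" "$d/$host.crt"; then
    echo "unmodified store: trusted"
  else
    echo "unmodified store: NOT trusted"
  fi

  # Importing the private root is the per-device step discussed above.
  cat "$d/other-root.crt" "$d/internal-root.crt" > "$d/bundle.pem"
  if trusts "$d/bundle.pem" "$d/$host.crt"; then
    echo "store + private root: trusted"
  else
    echo "store + private root: NOT trusted"
  fi
  rm -rf "$d"
}

demo
```

The first check fails and the second succeeds, which is why every client, including each mobile browser, needs the private root added to whatever trust store it actually consults.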