How to solve the problem of self signed SSL certificates for sites intended to be LAN hosted

Time:10-18

My software is intended to run on a Raspberry Pi.

After installing my software, a user can navigate to the webpage hosted by my software running on their Raspberry Pi from any device on their LAN.

I want my users to not have to worry about generating SSL certificates and such. Just install my software on their Raspberry Pi and navigate to the dashboard.

I can make my software automatically generate a self-signed SSL certificate on the first run, but the users get warnings about self-signed certificates in their browser and the site shows as insecure.

If I make my software use http instead, then Chrome won't store cookies from the site so the user's login doesn't last longer than one refresh.

I obviously can't distribute a CA signed certificate with my application since:

  1. Anyone can get hold of this, so it won't be secure
  2. It wouldn't work anyway since different users will have their Raspberry Pi on different IPs and hostnames

Is there any solution to be able to use secure HTTPS in this situation without getting warnings from browsers?
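The two failure modes described in the question, reproduced as an added example that is not part of the original post: Go's `crypto/x509` verifier stands in for the browser, and the hostname `pi-dashboard.local` and the 192.168.1.x addresses are constructed sample values. A self-signed certificate is rejected until it is imported into the client's trust store, and even then it is only accepted for the names and IPs listed in its SANs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newSelfSigned stands in for the first-run step: new key, SANs = this device's name and LAN IP.
func newSelfSigned(host, ip string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{host},
		IPAddresses:  []net.IP{net.ParseIP(ip)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// check verifies cert for name the way a TLS client would and returns the
// error type; "<nil>" means the certificate was accepted.
func check(cert *x509.Certificate, imported bool, name string) string {
	roots := x509.NewCertPool() // empty: a client that has never seen this device
	if imported {
		roots.AddCert(cert) // the user added this certificate to the trust store
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return fmt.Sprintf("%T", err)
}

func main() { // constructed sample hostname and IPs
	if cert, err := newSelfSigned("pi-dashboard.local", "192.168.1.50"); err == nil {
		fmt.Println(check(cert, false, "pi-dashboard.local"), check(cert, true, "192.168.1.77"))
	}
}
```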

CodePudding user response:

It's debatable whether this is a development question or not (it clearly isn't programming); personally I would say yes. However, it is certainly more topical in other Stacks where it has been discussed extensively e.g.:
https://serverfault.com/questions/1060268/ssl-for-devices-in-local-network
https://serverfault.com/questions/906015/how-to-setup-ssl-certs-for-a-lan-web-app-server
https://serverfault.com/questions/964119/enable-https-on-a-private-network
https://serverfault.com/questions/573528/ssl-tls-cert-get-alternative-name-to-work-with-lan-ip
https://serverfault.com/questions/447753/ssl-certificate-for-local-web-server
https://serverfault.com/questions/833178/ssl-with-no-warning-for-local-ips
https://serverfault.com/questions/1018020/distributing-ssl-certificates-to-all-browsers-in-an-active-directory-environment
(some focussed on Windows and especially AD though)
and:
https://security.stackexchange.com/questions/121163/how-do-i-run-proper-https-on-an-internal-network
https://security.stackexchange.com/questions/227020/is-https-required-for-local-network-server-to-server-communication
https://security.stackexchange.com/questions/251308/do-i-need-to-create-ssl-for-https-over-a-local-network
https://security.stackexchange.com/questions/103524/lets-encrypt-for-intranet-websites
https://security.stackexchange.com/questions/124235/deploy-intranet-application-with-ssl-certificate
