Hi
I was wondering if there are "good" options to manage HTTPS with a local server (which is offline from the internet).
We tried to use a self-signed certificate, but the browser (Chrome/IE) shows some errors.
We use a web app, so it would be nice if we didn't have to install anything on each user's computer.
We were thinking about using something like Let's Encrypt, but the local server being off the internet seems to be a problem too.
Do you see any option for our problem?
Thanks!
Gergely Polonkai
You have to believe in things that are not true. How else would they become?
HTTPS certificates are signed by authorities that you have to trust, otherwise you get an error.
Browsers come with a number of trusted authorities, which is why most https websites work, and why self-signed certificates don't work.
Note that you still get encryption with self-signed certificates, but what you don't get is the validation that you're connecting to the right party matching the public key.
So your options that I am aware of are:
(Someone correct me if you spot any mistake)
The exact solution depends on your environment, but generally you have two options.
If the domain is internal, too (like example.local, or anything not resolvable for the outside world), you will have to roll your own Certificate Authority. The InterWebz is full of articles on this, but your main problem will be to roll out your signing certificate. In a Windows environment, it is as easy as setting it up in Active Directory. In a Linux-only environment, you might want to roll out a package that installs the signing cert as a valid one. For Macs… well, I honestly have no idea how it works there.
If your domain and all your hostnames are resolvable for the outside world you can still go with option one, but you can get free certificates from LetsEncrypt. Or, if you don’t trust them, you can buy actual certificates from a lot of parties from VeriSign to COMODO. It can be pricey, but they are the most trustworthy as of now. This solution takes off the burden of running your own CA, but it might create other problems.
As usual, the choice is yours, as we can’t possibly know all your circumstances, your budget, and all the small details of your requirements.
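One way to carry out the "roll your own Certificate Authority" option with the openssl command line, as an added example that is not part of the original thread. The host name intranet.example.local, the CA name, the file names and the lifetimes are assumptions; ca.crt is the file that gets rolled out to clients as a trusted root, while ca.key stays offline.

```shell
#!/bin/sh
# Added example: private CA plus a server certificate for an offline host.
# Host name, CA name, file names and lifetimes below are assumptions.

# make_ca DIR: create the CA key and a self-signed CA certificate in DIR.
make_ca() {
    dir=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
        -subj "/CN=Example Internal CA" -out "$dir/ca.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/ca.csr" -signkey "$dir/ca.key" -sha256 \
        -days 1825 -extfile "$dir/ca.ext" -out "$dir/ca.crt" 2>/dev/null
}

# issue_cert DIR HOST: sign a server certificate for HOST with the CA in DIR.
# The name goes into subjectAltName, which is what browsers match against.
issue_cert() {
    dir=$1
    host=$2
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
        "$host" > "$dir/$host.ext"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/$host.key" \
        -subj "/CN=$host" -out "$dir/$host.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 397 \
        -extfile "$dir/$host.ext" -out "$dir/$host.crt" 2>/dev/null
}

# check_cert DIR HOST NAME: succeed only if HOST's certificate chains to
# the CA in DIR and is valid for NAME (the name a user would type).
check_cert() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" \
        "$1/$2.crt" >/dev/null 2>&1
}

# Demo run in a scratch directory (removed afterwards).
work=$(mktemp -d)
make_ca "$work" && issue_cert "$work" intranet.example.local &&
    check_cert "$work" intranet.example.local intranet.example.local &&
    echo "server certificate verifies against the internal CA"
rm -rf "$work"
```

The web server is configured with the host's .key and .crt files; clients show no warning only once ca.crt is in their trust store and the URL they use matches the subjectAltName entry.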