
Repost: Wildcard SSL for local network (from Reddit.com, Wildcard SSL for local network)
I'm trying to set up my OPNsense installation as the CA for my local network, following this guide. I'm using .lan as the TLD (is that the right term?) but I think this is where I'm getting stuck, as I keep getting an SSL_ERROR_BAD_CERT_DOMAIN error in Firefox (OPNsense is accessible through http(s)://opn.lan). It says:

> Firefox does not trust this site because it uses a certificate that is not valid for opn.lan. The certificate is only valid for *.lan.

I'm not entirely sure of the problem but I'm guessing it's something to do with wildcards only being valid for subdomains, like *.askubuntu.com and *.stackoverflow.com, rather than *.com. I can see how this is important for the open internet but

So where to from here?

* I could add a subdomain to the Domain field in OPNsense (SYSTEM:SETTINGS:GENERAL) -- something like jovtoly.lan. Then perhaps I could make the SSL cert for *.jovtoly.lan. Would OPNsense recognise "jovtoly" as a subdomain? I haven't actually tried this yet.
* Buy a domain and certify using Let's Encrypt. This seems pointless and a waste of money as I won't be exposing any services to the open internet. But Techno Tim et al. seem pretty keen on it.
* Keep OPNsense as the CA but generate certificates for each home network server individually. There aren't too many servers but this seems like unnecessary effort.
* Give up and fuck this shit (┛◉Д◉)┛彡┻━┻
* Something else?
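The check behind the quoted error, as an added example that is not part of the original post and is not Firefox's or OPNsense's code: a hostname matcher for certificate dNSName entries. The function names and the `min_suffix_labels` policy (a wildcard must have at least two labels to its right) are assumptions, chosen so that the result matches the error quoted in the post.

```python
# Added example: wildcard SAN matching with a configurable minimum number of
# labels to the right of "*". The strict default is an assumed client policy
# that reproduces the SSL_ERROR_BAD_CERT_DOMAIN result quoted in the post.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    return name.lower().removesuffix(".").split(".")


def san_matches(pattern: str, host: str, min_suffix_labels: int = 2) -> bool:
    """Return True if a certificate dNSName `pattern` covers `host`.

    Rules modelled:
      * comparison is case-insensitive, label by label;
      * "*" is honoured only as the whole left-most label;
      * "*" stands for exactly one label (never zero, never several);
      * a wildcard needs at least `min_suffix_labels` labels after it
        (assumed policy: 2 rejects "*.lan", 1 would accept it).
    """
    p, h = _labels(pattern), _labels(host)
    if "" in p or "" in h or any("*" in label for label in h):
        return False                      # malformed name or "*" in hostname
    if p[0] != "*":
        return p == h                     # no wildcard: exact match only
    if any("*" in label for label in p[1:]):
        return False                      # wildcard outside left-most label
    if len(p) - 1 < min_suffix_labels:
        return False                      # e.g. "*.lan": too broad
    return len(h) == len(p) and h[1:] == p[1:]


def covering_names(san_list, host, min_suffix_labels=2):
    """List the SAN entries in `san_list` that cover `host`."""
    return [s for s in san_list if san_matches(s, host, min_suffix_labels)]


if __name__ == "__main__":
    # Constructed test names, built from the hostnames used in the post.
    cases = [
        ("*.lan", "opn.lan"),                  # the failing setup
        ("*.jovtoly.lan", "opn.jovtoly.lan"),  # wildcard one level down
        ("*.jovtoly.lan", "a.b.jovtoly.lan"),  # "*" never spans two labels
        ("opn.lan", "opn.lan"),                # per-host certificate
    ]
    for pattern, host in cases:
        print(f"{pattern:16} vs {host:18} -> {san_matches(pattern, host)}")
```

Under this policy a per-host name such as `opn.lan` still matches, as does a wildcard issued one level down (`*.jovtoly.lan`), which correspond to the first and third options listed in the post.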