3

I have a local environment in a simple subnet like this 192.168.25.0/24.

In this subnet I have a lot of lxc servers, each server is for a different management software accessible from a web interface and only from local network.

I have control over this network through some mikrotik and pfsense routers, so to access those web interfaces I have set up some static DNS entries in both mikrotik and pfsense, so my colleagues can access the web apps through their browser like this: http://app1.com, http://app2.com, etc.

I do not have a registrar for those domains because I do not want/need to access them outside of my network; furthermore, it's useless to pay for something that is of no use. But this way I cannot make certbot release an HTTPS certificate because the domains don't exist. In this environment, is there a way to remove the HTTPS warning from those apps? Many thanks.

silvered.dragon
  • 407
  • 1
  • 7
  • 19

2 Answers

3

After a long search I finally managed to create an SSL certificate for my local network.

I used SmallStep.com

Installation:

Install step

wget https://dl.step.sm/gh-release/cli/docs-ca-install/v0.20.0/step-cli_0.20.0_amd64.deb
sudo dpkg -i step-cli_0.20.0_amd64.deb

Install step-ca

wget https://dl.step.sm/gh-release/certificates/docs-ca-install/v0.20.0/step-ca_0.20.0_amd64.deb
sudo dpkg -i step-ca_0.20.0_amd64.deb

Now Initialize a Certificate Authority

step ca init --name "Local CA" --provisioner admin --dns localhost --address ":8443"

You need to enter a password and then you will get a result similar to this:

✔ Root certificate: /home/mhefny/.step/certs/root_ca.crt
✔ Root private key: /home/mhefny/.step/secrets/root_ca_key
✔ Root fingerprint: 1d2817edc4ace09f727babb020ff4e9f54bd1b9251530c687b210e56cf1f5d44
✔ Intermediate certificate: /home/mhefny/.step/certs/intermediate_ca.crt
✔ Intermediate private key: /home/mhefny/.step/secrets/intermediate_ca_key
✔ Database folder: /home/mhefny/.step/db
✔ Default configuration: /home/mhefny/.step/config/defaults.json
✔ Certificate Authority configuration: /home/mhefny/.step/config/ca.json

Remember the fingerprint and the paths.

Now assume you have a domain called mylocalnetwork.local

Let's generate a certificate for it:

step ca certificate --offline mylocalnetwork.local foo.crt foo.key

Either use a local DNS or just add the domain name to /etc/hosts so that it can be translated to the machine's IP.

The ONLY missing thing is to generate the root certificate that is used as Authority Certificate in Google Chrome.

step-ca $(step path)/config/ca.json

and from another terminal run:

step ca root root.crt

Add root.crt to chrome and other browsers you will use to access your website.

Create a website and use foo.crt and foo.key as the SSL certificate and key respectively.

In your browser write: https://mylocalnetwork.local

and you are DONE!

M.Hefny
  • 2,677
  • 1
  • 26
  • 30
0

You can try to generate your own certificate and self-sign it. Doing so, you will have to install the certificate on your computers to remove the warning you get because the CA of your certificate is unknown.

Generate SSL certificate: https://stackoverflow.com/a/10176685/10365816

naggab
  • 371
  • 4
  • 18
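
The approach this answer points to, worked through with plain openssl as an added example (not part of the original answer): a private root CA signs a server certificate for mylocalnetwork.local, and a check confirms the chain and the hostname before root.crt is installed on client machines. The function names, file names, directory layout and lifetimes are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: private root CA + server certificate with plain openssl.
# All names, paths and lifetimes below are constructed for illustration.

# issue_local_cert DIR HOST: create root.{key,crt} and leaf.{key,crt} in DIR.
issue_local_cert() {
  local dir=$1 host=$2
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  # Minimal config so the run does not depend on a system openssl.cnf.
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Constructed Local Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Browsers match the hostname against subjectAltName, not the CN.
  printf '%s\n' "basicConstraints = CA:FALSE" "extendedKeyUsage = serverAuth" \
    "subjectAltName = DNS:$host" > "$dir/leaf.ext"
  # Root: self-signed. Only root.crt is ever handed to clients.
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$dir/ca.cnf" -keyout "$dir/root.key" -out "$dir/root.crt" 2>/dev/null || return 1
  # Leaf: key and CSR for the web server, then signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" -subj "/CN=$host" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
    -CAcreateserial -sha256 -days 90 -extfile "$dir/leaf.ext" \
    -out "$dir/leaf.crt" 2>/dev/null || return 1
  chmod 600 "$dir/root.key" "$dir/leaf.key"
}

# cert_valid_for DIR HOST: succeed only if leaf.crt chains to root.crt AND covers HOST.
cert_valid_for() {
  local out
  out=$(openssl verify -CAfile "$1/root.crt" -verify_hostname "$2" "$1/leaf.crt" 2>&1) || return 1
  printf '%s\n' "$out" | grep -q ': OK$'
}
```

Only root.crt goes into the clients' trust stores; root.key stays on the machine that signs, since anyone holding it can mint certificates those clients will accept.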