So i’m familiar with certs and domain names etc, and CA’s on the internet, but what I want to do is create a cert for all my LAN based services that have a login page, just to prevent local MITM attacks. Things like

pfSense
Netbox
HomeAssistant
piHole

all these locally accesses webservers, is it possible to create a cert and install on the devices I will be accessing them from? Do I need a CA to be running all the time to validate this CERT?

I also have a domain name, and was thinking about creating records for each service, such as

pfsense.domain.com, and just adding static DNS entries so these A records are only able to be resolved locally.

Has or does anyone currently do this?

Thanks

https://preview.redd.it/g0v814pqtwxb1.png?width=1200&format=png&auto=webp&s=97ad97e58337c5972f01e625f00e8af5c59ed553

  • nolo_me@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I don’t have a static IP, so I had to do it by a roundabout route. First I set up dynamic DNS at mydomain.duckdns.org and configured pfsense to update it, then I CNAMED lan.mydomain.com to it. I used the ACME package on pfsense to grab a wildcard cert for *.lan.mydomain.com, set up local DNS records in pfsense’s resolver for the various services and proxied them in pfsense’s HAProxy package.