Hello, this is maybe a dumb question then this problem bother me a bit.
I got two let’s encrypt certificates to manage my two servers in total security over the internet.
Everything is fine on the Internet side: every connection is secure, no warnings and a steady lock showed by any browser,
The same if I do use the domain name to call the servers also when I do operate locally, from the same Lan.
Then something change if I do call the server directly with his IP. Example: 192.168.1.160.
In this case, all the browsers block the connection, call it unsecure, complain about a not valid certificate and ask me to go advanced if I really want to access the server and this is time consuming too.
What can I do on my side to avoid all this, if it is possible to avoid it?
When using HTTPS, you must use a name that is on the certificate.
I doubt an IP (especially one like: 192.168.x.x) is on any globally signed certificate.
So, use the name - if the name doesn't resolve to the internal IP, then you can override DNS resolution by using a hosts file entry.
Thank you for the prompt reply. Yes, if I do use the name signed on the certificate there is no problem also locally, then I don’t know you, I do sometimes have the attitude to administer my local resources using them Ip instead of them names.
From your reply it seems there is no way to say locally to my browsers not to block 192.168.1.160 (example) becouse it belongs to me. I have always to remember to call my servers with them name.
You would have to generate your own cert for the IP 192.168.x.x. [preferably with a long lifespan].
And create a secure site that would use that cert to service that name ("192.168.x.x").
Then you would have to install that cert in the trusted folder of any client systems that want to use it [without getting annoying security message each time].
It could be the solution. My Synology servers allow me to create local certificates. So i Just need that, create a local certificate and export it to any client machine I think I would use to administer those servers and this will solve the problem? No need for an authority certification right to my local use?