Im writing a visitor managenment app for use on a few sites (where we have already installed a clocking system) but each will local access only from one or 2 tablets on the local network but due to needing to write to and from a csv file on teh server for logging and access to teh camera it has to be done over https, for testing i just generated a key in windows with open ssl but this wont work when im deploying it at customers sites , any advice on which way to proceed shuld i get certbot set up and generate a new key for each site or just use one key for all of them as they are all going to be runing over local network and not external facing
So for https to work in general you need either a self-signed certificate that's trusted on all your clients (browsers etc), where you have updated all those clients to specifically include that (or it's issuers root certificate) as a trusted cert, or you use a a standard public trusted certificate (issued by a root that's already known and trusted by common browsers.
To get a public cert from Let's Encrypt etc you first need a real domain name that could at least theoretically be found in public DNS, e.g. cam-01.site56.yourdomain.com, then you need to order a certificate using an ACME client (Certbot is one, but is not supported on Windows) for that domain, during that process you need to prove you control the domain and that's normally done with automation (HTTP domain validation or DNS domain validation).
Once you have a certificate (which is a private key + a certificate, issued by a certificate authority), you need to deploy it to your service, that varies depending on what the service is and how it's normally configured to use a certificate (e.g. PFX files, PEM files, Local machine certificate store etc).
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.