Web server without Internet access

The devices we develop have a web server for configuration purposes. It has no Internet access. How can I get a certificate for these servers to enable HTTPS? Is there documentation for such cases that could help us?

Hi @thopf

You have to use a publicly visible domain name. Then create a subdomain

random-string.yourdomain.com

per customer, then a certificate via DNS validation.

Then you have to use that URL to connect to your webserver.

PS: FritzBox with myfritz.net has the same.

Steps to follow:

  1. Choose one of the many ACME clients available which can run on any computer, not necessarily your offline device;
  2. Get a certificate for a publicly resolvable hostname (which is an absolute requirement) using the DNS-01 challenge;
  3. Put the private key, certificate and intermediate certificate obtained in step 2. on some kind of transfer device (floppy, CD, DVD, USB stick) and transfer it to your offline device;
  4. Profit.

PS: One thing is fatal: Let's Encrypt certificates are valid for 90 days.

Without Internet access: How do you want to create and deploy new certificates?

PPS:

Most information has already been shared - please read your 20-day-old topic.

Thanks to all. Yes, the 90 days are a problem, because our units are not able to connect via the internet. So the certificates are not renewable by standard methods. The FritzBox does not have this restriction. Also, we have seen that most SIP proxy servers accept old certificates, but this is a second problem regarding SIPS.

Every 2 to 3 months a road trip with floppy drive, CD, DVD or USB stick :grinning_face_with_smiling_eyes:
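
For step 3 of the procedure above and the 90-day lifetime raised in the replies, a pre-install check can be run on the transferred files before they go onto the offline device. This is an added example, not code from the thread or from any ACME client; the file names, hostname and thresholds are assumptions, and the demo certificate is a constructed self-signed stand-in.

```bash
#!/usr/bin/env bash
# Added example: pre-install check for a certificate bundle that will be
# carried to an offline device. File names and thresholds are assumptions.

# Create a constructed, self-signed stand-in for the issued certificate so the
# check can be exercised offline. $1 = output dir, $2 = hostname, $3 = days.
make_demo_bundle() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
    -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
}

# $1 = certificate, $2 = private key, $3 = hostname the device is reached by,
# $4 = minimum days of validity that must remain at install time.
# Returns 0 if usable, 2 unreadable input, 3 key mismatch, 4 wrong name,
# 5 too close to expiry.
check_bundle() {
  local cert=$1 key=$2 host=$3 min_days=$4 cert_pub key_pub
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "cannot read certificate $cert"; return 2; }
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
    { echo "cannot read private key $key"; return 2; }
  # Same public key on both sides means the key belongs to this certificate.
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "private key does not match certificate"; return 3; }
  openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match" ||
    { echo "certificate is not valid for $host"; return 4; }
  # -checkend exits non-zero if the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
    { echo "fewer than $min_days days of validity left"; return 5; }
  echo "ok: valid for $host, $(openssl x509 -in "$cert" -noout -enddate)"
}

# Usage: ./check_bundle.sh cert.pem privkey.pem dev1.example.com 60
if [ "$#" -eq 4 ]; then
  check_bundle "$@"
fi
```

Setting the minimum-days argument to the interval until the next planned visit catches a certificate that would expire before it can be replaced.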
