How to implement valid SSL for a local network without internet access?
I am developing an IoT device that exposes its own access point and shows a web page for configurations. The webpage is accessible only if you know the password of the access point.
On the device, I am running nginx and dnsmasq to be able to expose the configuration web page by simply entering a domain name, and since the device connected to the access point is in the local network, dnsmasq handles the DNS requests.
I also bought the primary domain name <mydomain.com> that will be shadowed by dnsmasq once the client is connected to the access point.
Since I want to add some encryption and modern browsers do not like the http:// prefix on domain names, what is the strategy to allow clients to access the local web page through SSL/TLS?
- I thought about a strategy where each device will have a unique subdomain <3hyl.mydomain.com> and will generate its own SSL certificates with the Let's Encrypt DNS-01 challenge from the primary domain. But the problem here is that my device is not always connected to the internet to perform the certbot challenge.
- I also tried to use mkcert, but the issue there is that installation of the root certificate is needed on the client's device. Installing the certificates is especially an issue on modern Android and/or iOS.