I’ve done the above search with Google and the millions of hits aren’t really addressing my situation. I’m writing a microcontroller system that is meant to be inside of a local area network (not meant to be exposed outside). The original web server program that has been around for years, is on a microcontroller that can’t handle the SSL load. It’s finally gotten to the point that too many devices simply won’t browse with a plain http site… even internally on a private LAN. In this new incarnation, I want to use a real web server and because Caddy supports SSL so elegantly, I thought I’d give it a try.
The server is now on a Raspberry Pi Zero W and I’ve got a test page working with the simple Caddyfile:
root * /var/lib/InqVault/ui
Where RasDev is the RasPi’s computer name. This works just great on my LAN on Windows, Linux, Android and iPhone browsers and solves my main problem. It gives “Not secure” notices and makes me accept the “risks” before going to the page the first time. What I’d like to know from you web server and/or security experts is… what are those risks on the inside of a private LAN?
- I’ve looked in what the browser shows me is in this cert and everything is blank.
- Is there some more secure, intermedicate solution between this blank cert and having to register a URL and buying a real cert?
- I assume the traffic going across the WiFI airwaves is still encrypted, therefore that is certainly better than http.
- Does this blank cert make it easier for a hacker using WiFi sniffing packet reader gain entry into the LAN?
Thanks for any insight you might share.