alt Hacker NewsYou need a fake DNS entry on your local network for this to work - I would call that a hack.
And what if you aren't running a public webserver like 99% of normal people out there?
> But how would it ever work otherwise? The CA needs to have some publicly accessible way to check your control of the domain, right?
I mean that's exactly the problem: Why do you have to rely on the public CA infrastructure for local devices?
Consider the scenario of a smart wifi bulb in your local network that you want to control with your smartphone.
IMO it would be great to have your home router act as a local CA that can only issue certificates for .local domains and have that trusted per default by user agents. Would make smart home stuff a lot better than the current situation...
> IMO it would be great to have your home router act as a local CA that can only issue certificates for .local domains and have that trusted per default by user agents. Would make smart home stuff a lot better than the current situation...
How would you talk to the router and make sure the communication is actually with the router and not someone else? The browser/lightbulb comes with trusted CAs preinstalled, but then you would have to install the routers CA cert on every device you add to the network.