←back to thread

Should you use Let's Encrypt for internal hostnames?

(shkspr.mobi)
238 points edent | 1 comments | 05 Jan 22 12:42 UTC | HN request time: 0s | source
Show context
ChrisMarshallNY ◴[05 Jan 22 14:58 UTC] No.29809728[source]
This is an interesting topic, for me.

I write iOS apps, and iOS requires that all internet communications be done with HTTPS.

It is possible to use self-signed certs, but you need to do a bit of work on the software, to validate and approve them. I don't like doing that, as I consider it a potential security vector (you are constantly reading about development code that is compiled into release product, and subsequently leveraged by crooks).

I am working on a full-stack system. I can run the backend on my laptop, but the app won't connect to it, unless I do the self-signed workaround.

It's easier for me to just leave the backend on the hosted server. I hardly ever need to work on that part.

replies(3): >>29809863 #>>29810001 #>>29810540 #
1. 0x0 ◴[05 Jan 22 15:08 UTC] No.29809863[source]
If you create a custom SSL CA, you can add that CA to your ios devices and simulators, and they will trust your backend served with an SSL certificate issued by your custom CA, no app modifications needed. (On modern Android, this does not work out of the box - it requires the custom SSL CA fingerprints to be added to a network configuration file embedded in the app - but you could always use gradle flavors and only add it to your debug/development builds)