←back to thread

Just want simple TLS for your .internal network?

(github.com)
246 points nh2 | 2 comments | 18 Oct 24 06:10 UTC | HN request time: 0.4s | source
Show context
nh2 ◴[18 Oct 24 06:10 UTC] No.41876742[source]
I did some research, write-up and scripting about the state of X.509 Name Constraints, so that people you give your CA cert to don't need to trust you not to MitM them on other domains.

Packaged into a convenient one-liner to create a wildcard cert under for the new .internal TLD.

Please scrutinize!

I use this to provide e.g. at home:

    https://octoprint.myhome.internal
    https://paperless.myhome.internal
to provide transport encryption of these services in the local WiFi.

Friends and family can add the CA root to their devices without having to worry about me MitM'ing their other connections.

replies(2): >>41912265 #>>41912340 #
1. ulfbert_inc ◴[22 Oct 24 08:16 UTC] No.41912265[source]
Niklas, if you are reading this - it was a pleasure to interview with you some 6 (or so) years ago :) thanks for the script and the research, I will make use of it.
replies(1): >>41918651 #
2. nh2 ◴[22 Oct 24 21:00 UTC] No.41918651[source]
Thanks Vadzim, I remember -- happy to be useful :)