What about internal IPv4 addresses? Can we have browsers ignore 192.168.x.x, 172.16.x.x and 10.x.x.x if we can't get certs for those or can we get a public wildcard for internal networks?
replies(4):
But what problem is it that you want to solve?
For local development, one can use a tool such as mkcert. For shared internal resources (e.g. within a company), it’s probably easier to use a TLS cert tied to a domain instead of using naked IP addresses.
Every time I open a browser I need to click two buttons to get past the certificate error. Sure I could configure a real domain, do split DNS and get a certificate but these cameras require manual uploading a certificate. I would need to do this every three months for every camera and eventually even more frequently.
* https://smallstep.com/blog/private-acme-server/ ; https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi...
* https://openvpn.net/community-resources/setting-up-your-own-...
* https://www.digitalocean.com/community/tutorials/how-to-set-...
Import the CA's root cert on your browsing devices and anything it issues will be trusted.
Another option could be to put the cameras behind a reverse proxy (e.g. Nginx or Envoy) and terminate TLS there.