this post was submitted on 02 Nov 2023
1 points (100.0% liked)

Homelab

371 readers
3 users here now

Rules

founded 1 year ago
MODERATORS
communick@selfhosted.forum
rglullis
1
Certificates for locally self-hosted services? (alien.top)
submitted 1 year ago by deanfourie1@alien.top to c/homelab@selfhosted.forum
5 comments fedilink hide all child comments
 

So i'm familiar with certs and domain names etc, and CA's on the internet, but what I want to do is create a cert for all my LAN based services that have a login page, just to prevent local MITM attacks. Things like

pfSense
Netbox
HomeAssistant
piHole

all these locally accesses webservers, is it possible to create a cert and install on the devices I will be accessing them from? Do I need a CA to be running all the time to validate this CERT?

I also have a domain name, and was thinking about creating records for each service, such as

pfsense.domain.com, and just adding static DNS entries so these A records are only able to be resolved locally.

Has or does anyone currently do this?

Thanks

https://preview.redd.it/g0v814pqtwxb1.png?width=1200&format=png&auto=webp&s=97ad97e58337c5972f01e625f00e8af5c59ed553

you are viewing a single comment's thread
view the rest of the comments
[–] nolo_me@alien.top 1 points 1 year ago

I don't have a static IP, so I had to do it by a roundabout route. First I set up dynamic DNS at mydomain.duckdns.org and configured pfsense to update it, then I CNAMED lan.mydomain.com to it. I used the ACME package on pfsense to grab a wildcard cert for *.lan.mydomain.com, set up local DNS records in pfsense's resolver for the various services and proxied them in pfsense's HAProxy package.