So I’m familiar with certs and domain names etc., and CAs on the internet, but what I want to do is create a cert for all my LAN-based services that have a login page, just to prevent local MITM attacks. Things like:
pfSense
NetBox
Home Assistant
Pi-hole
All these locally accessed web servers: is it possible to create a cert and install it on the devices I will be accessing them from? Do I need a CA to be running all the time to validate this cert?
I also have a domain name, and was thinking about creating records for each service, such as
pfsense.domain.com, and just adding static DNS entries so these A records are only able to be resolved locally.
Has anyone done this, or does anyone currently do this?
Thanks
Caddy or Traefik or SWAG do this. These act as reverse proxies.