So i’m familiar with certs and domain names etc, and CA’s on the internet, but what I want to do is create a cert for all my LAN based services that have a login page, just to prevent local MITM attacks. Things like

pfSense
Netbox
HomeAssistant
piHole

all these locally accesses webservers, is it possible to create a cert and install on the devices I will be accessing them from? Do I need a CA to be running all the time to validate this CERT?

I also have a domain name, and was thinking about creating records for each service, such as

pfsense.domain.com, and just adding static DNS entries so these A records are only able to be resolved locally.

Has or does anyone currently do this?

Thanks

https://preview.redd.it/g0v814pqtwxb1.png?width=1200&format=png&auto=webp&s=97ad97e58337c5972f01e625f00e8af5c59ed553