Having SSL for all home network

[bookie56]

Hi guys!
New guy on the block....and before I get shot down...I know that my question has been asked before...just that searching on the forum is not easy...

Here is the situation....
I have a home network consisting of many computer some Windows most Linux....
It would be nice to be able to access everything on my home network without getting ssl certificate is not safe...
Yes, I know how to add selfsigned ones....but it means adding the certificates on all devices in my network...bit time consuming.

Is there a kind sole here that can get me up and running with that....?
I have heard good things about duckdns...but am open to advice from those that can....

I have only recently made the switch from pfsense to opnsense.....when something is opensource it should be left open source....or still provide the same quality of service to home users....which sadly is not the case with pfsense any more...

Running a business I don't always have the time to research things and a family member was horrified that I was on pfsense using a closed source product...


I do not mind putting the work in to set all this up - if someone would help me.....

My router at the moment has a four port nic and instead of vlans I have a dedicated port for company...company wifi....private...and private wifi ...

With firewall rules stopping the company network being able to talk to the private network.....

I will stop waffling on now...

Thankyou!

bookie56

[ProximusAl]

I use this
https://certifytheweb.com/

with powershell/ssh scripts etc to deploy to OPNSense, NAS's, nginx etc...all sorts.

[nero355]

I have a home network consisting of many computer some Windows most Linux....
It would be nice to be able to access everything on my home network without getting ssl certificate is not safe...
Yes, I know how to add selfsigned ones....but it means adding the certificates on all devices in my network...bit time consuming.

Is there a kind sole here that can get me up and running with that....?
I have heard good things about duckdns...but am open to advice from those that can....

Do you want to get rid of the warning just locally or do you want to access everything from the internet either via Reverse Proxy or perhaps WireGuard which would then still make it local ??

Self-Signed SSL Certificates are easy to work with when using Pale Moon as your browser : Just click two or three times and you have added the certificate as an exception and you are DONE! :)

All other browsers have made it a very unnecessary complicated process over the years which is a shame really...

[Patrick M. Hausen]

I run an internal CA with a lifetime of 20 years and generated a wildcard cert with a lifetime of 825 days (the maximum for me because Apple messed up) for my internal domain. This goes on all devices where I absolutely cannot use ACME and Letsencrypt, like e.g. my UPS.

Uptime Kuma monitors all my internal devices including certificate lifetime. Rolling out a new one every 2+ years is ok for me.

[bookie56]

Hi guys!
Thanks for coming by...
ProximusAl that sounds interesting....but probably a little more than I was looking for...but do elaborate a little so I can get a better understanding...

nero355 Yes, everything that is on tha lan....which in my case covers four ports...I like your suggestion and definitely will look into Palemoon..I agree with protecting my privacy which as we all know Microsoft never will, Chrome is as bad....

Patrick M. Hausen can you elaborate a little...sounds also very interesting.... just want everything from my lan side to not have to worry about ssl certs all the time and the fact it doesn't matter what device on the network that connects is also ok...

I have a lot of servers running OMV but they are not online all of the time only when I am backing up files...I am looking into a server on line all of the time like opnsense that will backup all of my business via NextCloud to eliminate the need for the crap called onedrive....

bookie56

[nero355]

Yes, everything that is on tha lan....which in my case covers four ports...I like your suggestion and definitely will look into Palemoon..I agree with protecting my privacy which as we all know Microsoft never will, Chrome is as bad....

I think it's the easiest way to just browse to your devices in the future without annoying warnings/errors/pop-ups but just keep in mind one thing :

Sometimes you might encounter compatibility issues with certain webGUI choices because of the simpel fact that webdeveloping standards are a mess and almost everyone seems to go for "Internet Explorer 6.0 v2.0" a.k.a. Google Chrome/Chromium sadly...

So some webGUI elements/buttons/checkboxes/etc. might be missing or shown different here and there sometimes!

For example : https://forum.opnsense.org/index.php?topic=51087.msg261425#msg261425

[bookie56]

Hi nero355!
I definitely like Palemoon but there is a fly in the ointment....there is no support for Bitwarden.....
Have you any other suggestions that are supported in Palemoon?

bookie56

[nero355]

Have you any other suggestions that are supported in Palemoon?

I don't use such software so I guess have a look around @ https://addons.palemoon.org/extensions/ ??
Search for example : https://addons.palemoon.org/search/?terms=password

You could also try : https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/
Some Mozilla Firefox Extensions/Add-Ons also work in Pale Moon if they are the NPAPI variant!

Good luck! :)