Certificate structure for accessing a local device from a web app
I have a pretty standard web app (react client, node server), https-enabled.
I want to add the ability for the web app to access a device on the local LAN. The device has REST APIs and I can install a certificate in it to enable https.
Here's a simplified view of the system:
I have control over my server on the Internet and can install a certificate in the device as well. I can also add records to DNS to add my local device as a subdomain (foo.example.com -> 192.168.X.Y).
I installed a self-signed certificate into the device so I could access it with https, however, my users still have to explicitly navigate to the device's web page and accept the warnings about insecure access before my app's API access will work.
I'd like to be able to set up this device on my network so anyone on the network can access it via my web-hosted app without having to override a security warning.
So the question(s):
- Is it possible to make this work within the bounds of a standard web app?
- If so, what certificate/cors configuration would make this possible?
