Creating SSL certificates that can work on any local area network?
Let's say I made a platform called the HelloWorld Platform. The HelloWorld Platform consists of one Raspberry Pi that hosts a PHP-based REST API and one Raspberry Pi that has a temperature sensor that relays data to a self-hosted bash script, which then sends information via curl to the Raspberry Pi with the PHP REST API over the Local Area Network via Wi-Fi.
A customer bought my HelloWorld Platform. My customer says he wants me to encrypt traffic between the two Raspberry Pis with TLS/SSL. My customer plans to move the HelloWorld Platform from one physical location to another (e.g. sometimes he will use the HelloWorld Platform in his office, sometimes at his home, sometimes in another country, sometimes on a boat at sea, etc.). Thus, the local network IP addresses of the two RPIs will change every time he uses the platform at a different physical location on a different Local Area Network.
While at his office, his two PIs might have the IP addresses 192.168.0.10 and 192.168.0.11. While on a boat at sea, they might be 172.0.2.23 and 172.0.2.24. Etc.
I want to generate one certificate authority that signs one set of certificates that can be verified against all the different IP addresses that could come up.
It seems like I'm asking for some kind of "super wild card" certificate, which I think is not possible? Or is there a better way to handle this situation without having to generate new certificates every time the customer uses a different LAN?
My PIs can get around the problem by adding the -k option, like curl -k -X POST https://<ip of other PI>/. But I prefer for SSL verification to take place.