Hi, I am using BalenaCloud for my fleet. My customers will be communicating with the IoT device in their local network via an (ionic) app. But this communication should run over https. I have added a self-signed certificate to the api so it’s running over https, but it is still not ‘that’ secure. When navigating to an api endpoint, the browser even warns you about the potential danger.
I can imagine this being a pretty common use case, where end users need to connect to the IoT device using a browser, and you don’t want to show the end user any https warnings.
What is the recommended way to get https working on your containers with a ‘real certificate’? If I understand correctly, I cannot use something like Let’s Encrypt, since it’s not a publicly available website or anything.
You could definitely use LetsEncrypt if you’re going to issue a cert on a domain that you own. Since your devices are on a local network, you could use the DNS-01 challenge to accomplish issuing certs.
Your main issue is going to be resolving the hostname via DNS to the IP of the local device, but if you can get around that, DNS-01 will work well for this use case.
Another alternative is to issue a wildcard cert, say *.devices.myapp.com, and then have a public DNS resolver that resolves the internal IP in dash format to an internal IP (i.e. 192-168-1-1.devices.myapp.com resolving to 192.168.1.1), but you’ll have to ensure that the internal DNS servers don’t have DNS rebinding blocking enabled, otherwise this won’t work.
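As an added illustration (not code from either poster or from Balena), here is a small Python check for the dash-encoded hostname scheme described above. It assumes a zone named devices.myapp.com, decodes a hostname under it to its private IP while refusing public addresses and multi-label names, and shows that a *.devices.myapp.com wildcard cert covers exactly one DNS label.

```python
import ipaddress
import re
from typing import Optional

# Assumed zone name for the example; any domain you control works the same way.
ZONE = "devices.myapp.com"

# One label of exactly four dash-separated decimal groups, e.g. 192-168-1-1.
_DASH_IPV4 = re.compile(r"\d{1,3}(-\d{1,3}){3}")


def dash_hostname_to_ip(hostname: str, zone: str = ZONE) -> Optional[ipaddress.IPv4Address]:
    """Decode 192-168-1-1.devices.myapp.com -> IPv4Address('192.168.1.1').

    Returns None unless the name is a single label directly under the zone
    (the only shape a *.zone wildcard cert covers) and decodes to a valid
    RFC 1918 address. A resolver built on this therefore only ever answers
    with private addresses for device names, which is exactly the behaviour
    that DNS rebinding protection on a local resolver will block.
    """
    name = hostname.rstrip(".").lower()
    suffix = "." + zone.rstrip(".").lower()
    if not name.endswith(suffix):
        return None
    label = name[: -len(suffix)]
    if not _DASH_IPV4.fullmatch(label):
        return None
    try:
        addr = ipaddress.IPv4Address(label.replace("-", "."))
    except ValueError:  # an octet above 255 slips past the regex; reject it here
        return None
    return addr if addr.is_private else None


def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """Match a SAN like *.devices.myapp.com against a hostname.

    Per RFC 6125 the wildcard stands in for exactly one leftmost label, so
    a.b.devices.myapp.com and the bare zone name are both NOT covered.
    """
    cert = cert_name.rstrip(".").lower()
    host = hostname.rstrip(".").lower()
    if not cert.startswith("*."):
        return cert == host
    suffix = cert[1:]  # ".devices.myapp.com"
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost
```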