Is it at all possible to create a self-signed certificate for use on multiple machines on a local network which would stop the browser complaining it is not a trusted site?
We have a product which is basically a computer running lighttpd to serve a web interface for configuring the computer (sort of how a router has a web interface). There can also be many of these machines running on the same network with dynamic IP's. What I basically want to do is enable SSL for extra security but I don't want people who are on the local network to be given a browser warning about the certificate not being trusted.
Is this at all possible?
Best Answer
Yep.
As long as you control the certificate caches on the local machines, this is easy.
First, create a CA Root.
Set the CA root certificate expiry to be like, 20 years. Export the CA root public certificate as a pem file, and install it onto the client PCs. It'll appear as a Trusted CA Certificate.
Then use that CA to sign the CSR for the servers you wish to SSL encrypt. Then install the certificate you've generated there into the webserver's SSL certificate store, and configure the server to use that certificate.
If it's worked correctly, you'll be able to browse to the website, see that it's https encrypted, but as it's a pre-stored root certificate, you won't get the ugly red warning boxes and bars.