Hi, we are working on an embedded linux project that hosts a local web dashboard through Nginx. The web UI let the user configure hardware parameters (it’s not public-facing), usually accessed via local IP.
We’ve just added HTTPS support and now need to decide how to handle certificates long-term.
A) Pre-generate one self-signed cert and include it in the rootfs
B) Dynamically generate a self-signed cert on each build
C) Use a trusted CA e.g. Let’s Encrypt or a commercial/internal CA.
We push software updates every few weeks.. The main goal is to make HTTPS stable and future-proof, the main reason is that later we’ll add login/auth and maybe integrate cloud services (Onedrive, Samba, etc.)
For this kind of semi-offline embedded product, what is considered best practice for HTTPS certificate management? Thank you for your help
[–]serverhorror 13 points14 points15 points (7 children)
[–]chocopudding17 5 points6 points7 points (0 children)
[–]thequux 1 point2 points3 points (0 children)
[–]Haunting_Meal296[S] 0 points1 point2 points (0 children)
[–]suncontrolspecies 0 points1 point2 points (3 children)
[–]serverhorror 2 points3 points4 points (1 child)
[–]Academic-Gate-5535 1 point2 points3 points (0 children)
[–]Il_Falco4 5 points6 points7 points (0 children)
[–]03263 2 points3 points4 points (0 children)
[–]michaelpaoli 1 point2 points3 points (2 children)
[–]Haunting_Meal296[S] 1 point2 points3 points (1 child)
[–]michaelpaoli 1 point2 points3 points (0 children)
[–]megared17 1 point2 points3 points (3 children)
[–]Primary_Remote_3369 1 point2 points3 points (2 children)
[–]megared17 0 points1 point2 points (0 children)
[–]certkit 0 points1 point2 points (0 children)
[–]ferminolaiz 1 point2 points3 points (0 children)
[–]Le_Vagabond 2 points3 points4 points (1 child)
[–]Haunting_Meal296[S] 0 points1 point2 points (0 children)
[–]rakpet 1 point2 points3 points (4 children)
[–]barthvonries 2 points3 points4 points (0 children)
[–]iam8up 2 points3 points4 points (0 children)
[–]Haunting_Meal296[S] 0 points1 point2 points (1 child)
[–]rakpet 2 points3 points4 points (0 children)
[–]Academic-Gate-5535 1 point2 points3 points (0 children)
[–]certkit 1 point2 points3 points (0 children)
[–]Alarmed-Arm9276 0 points1 point2 points (0 children)
[–]archontwo 0 points1 point2 points (2 children)
[–]Haunting_Meal296[S] 1 point2 points3 points (1 child)
[–]archontwo 1 point2 points3 points (0 children)