|
I'm redoing my internal network in light of a fancy internet upgrade (real upstream!). I bought a real domain with a real wildcard SSL cert to use mostly internally for organization, but also with a small number of internet-accessible things (e.g. OpenVPN server). Something that surprised me setting up my first hosts with the cert and accessing them internally. https://edge.mydomain.tld/ -- works fine, yay https://edge/ (search domain: mydomain.tld) -- ERR_CERT_COMMON_NAME_INVALID I guess this is because the OS network stack is the one translating edge to edge.mydomain.tld and the browser knows nothing of it? But I like the succinctness of using a Search Domain (or as Windows likes to say: connection-specific DNS suffix) locally! Is there some weird trick to make this happy? (Is there even just some way to configure or plugin Chrome to do the heavy lifting and give me the desired user experience?).
|
# ¿ Feb 16, 2021 02:01 |
|
|
# ¿ Apr 26, 2024 07:45 |
|
I've been using 1Password since the stone ages and it still strikes me as the best one. I used to sync the database myself via rsync and then DropBox . Some year I finally gave in and subscribed to their hosted sync service. I also set up my Dad successfully with it.
|
# ¿ Feb 16, 2021 20:24 |
|
Rufus Ping posted:Unless you fancy running your own internal CA and signing the certs with both foo and foo.whatever.com as subject alternative names and installing that root cert on all your devices This piques my interest but is probably too annoying. I suppose I don't mind doing a little work and installing my own root cert on my most-used devices. But my guess is that I can't have both my own CA/cert for foo and then also a real trusted CA/cert for foo.mydomain.tld? (Maybe with a fancy dedicated https server, but note that in a bunch of cases here I'm just adding certs to pfsense, plex, freenas, etc, etc?). Subjunctive posted:make http://edge/ redirect to https://edge.mydomain.tld/ if you want to save the typing Yeah, I might do something like this. Though instead of running a bunch of http servers - I'd really just like Chrome itself to be aware of my "default DNS suffix" preference and do the redirecting on its own. Come on, where's the dumb plugin for this? BlankSystemDaemon posted:Also, combine it with split-horizon DNS, just for fun. Hmm... Combat Pretzel posted:Well, use the full name internally, too. Yeah, well, OK, maybe.
|
# ¿ Feb 16, 2021 20:35 |