Hey,
I’m trying secure the nodered version 3.0 and change http to https with the help of self signed certificates since its running in ip address.
Issue:
I’m able to access the https site with self signed x509 certificate but it gives a warning before redirecting me to the site saying insecure website. Then I have to click advanced and get redirected to the site.
I would like to access the https site without this warning. Is there any possibility to get CA signed certificate for the nodered ip address ? Could you please suggest any other way to get the CA signed certificate for nodered ? Or to access it without getting the warning.
You cannot have a public cert on an IP address since the addresses are too easily spoofed. So to have one, you need a public registered domain. Then, if using that internally on your LAN, you need to either have a local DNS that can respond to that public address with the local IP (sometimes called "hairpin" DNS) or you need to distribute HOSTS files with the domain to IP address mapping.
Sounds like a lot of work though generally it is fiddly rather than that much work.
The alternative is to continue to use self-signed certs but to load the root certificate to the trusted root cert stores everywhere it is needed (mostly client PC's). This is also very fiddly to get right. There are some threads way back in the forum that describe how to do that.
Using the HOSTS file method or self-signed certs against an IP address are both relatively insecure due to the ease of spoofing IP addresses. But that might not be an issue if you are using in a relatively low-value, low-security closed environment.
