TLS certs for internal OTS hardware
Most off-the-shelf hardware devices use a web app as their primary user interface; however, most currently serve it either over plain HTTP or over HTTPS with a self-signed certificate. This project offers a way for vendors to ship boxes which, on boot, pick up a valid certificate from Let's Encrypt so that their users can safely access them whatever network they are placed on.
This project is a proof of concept demo of the process I talk about in my blog post TLS certs for internal OTS hardware.
There is also an accompanying post on how to get this project working - TLS certs for internal OTS hardware - Proof of Concept - but here is a summary for those who want to get started without having to read all about it.
To get started, you'll need:
- A domain to issue certificates for.
- A Cloudflare account and API key.
- A working Go environment.
Clone the project:
```
go get -v github.com/digininja/ots-cert-demo
```
Build the server:
```
cd ~/go/src/github.com/digininja/ots-cert/server
go get -v ./...
go build
cp ots-cert-server.cfg-template ots-cert-server.cfg
```
Edit the config file ots-cert-server.cfg with your chosen domain name and API details.
Start up the server:
```
./server
INFO Starting the server
INFO No valid certificate found, going to create a new one
INFO Creating DNS record
INFO Starting web server on: https://otsserver.ots-cert.space:9443
```
Build the client:
```
cd ~/go/src/github.com/digininja/ots-cert/client
go get -v ./...
go build
cp ots-cert-client.cfg-template ots-cert-client.cfg
```
You will need to edit the config file ots-cert-client.cfg so it has the right address for the server.
Run the client:
```
./client
INFO The hostname is: nifty-babbage.ots-cert.space
INFO The certificate was generated
INFO Setup complete, browse to https://nifty-babbage.ots-cert.space:8443
```
Browse to the client to check all is working:
```
curl https://nifty-babbage.ots-cert.space:8443
Congratulations, you should be viewing this over HTTPS on your custom domain.
```
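The decision behind the server's "No valid certificate found" log line, written out as an added example that is not code from this project: `certNeedsReplacing` rejects a stored certificate that does not parse, has expired, is for the wrong hostname, or is self-signed rather than issued by the expected CA, which is the same check a user should expect their browser or `curl` to make against the client. The function names are hypothetical and `issue` builds a constructed test CA and leaf certificates in place of Let's Encrypt.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)

// certNeedsReplacing rejects the stored PEM if it does not parse or does not chain
// to caPEM for host at time now, which covers expired, wrong-name and self-signed certs.
func certNeedsReplacing(certPEM, caPEM []byte, host string, now time.Time) (bool, string) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return true, "no PEM certificate found"
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return true, "unparseable certificate: " + err.Error()
	}
	roots := x509.NewCertPool() // the issuing CA; a self-signed device cert is not in here
	roots.AppendCertsFromPEM(caPEM)
	if _, err := cert.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, CurrentTime: now}); err != nil {
		return true, "not trusted for " + host + ": " + err.Error()
	}
	return false, "valid until " + cert.NotAfter.Format(time.RFC3339)
}

// issue builds constructed test material, not a real CA: with parent == nil the
// result is self-signed (a CA when isCA is set), otherwise a leaf signed by parent.
func issue(host string, isCA bool, notAfter time.Time, parent *x509.Certificate, parentKey ed25519.PrivateKey) ([]byte, *x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: notAfter,
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // Verify rejects a chain through a CA without this
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: the template signs itself
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), cert, key
}
```

A self-signed certificate for the right hostname still fails the check, because nothing in the trust pool vouches for it; only a leaf signed by the expected CA, for that exact name, passes.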