I would really love to see some kind of LAN TLS solution that doesn't rely on requiring you to have your own CA. I've thought a fair bit about the problem, but haven't come up with any solutions that I like.
Browsers, rightfully so, don't accept self-signed certificates. Active Directory and Group Policies can push out a trusted self-signed root CA certificate and generate certs that endpoints can use, but that's a pain in the ass and usually requires central IT to manage.
Please someone come up with something I haven't thought of yet that doesn't break the internet but gets useful certs onto my LAN!