top | item 25989707

juriansluiman | 5 years ago

You're totally right. Although in my experience this is much easier to maintain with "upstream root certificates" (not sure what you'd call them) than with self-signed certs. Applications like Home Assistant are already TLS-aware and simply trust all root certs which are available on the host. With self-signed certs, you have to distribute them all by yourself.

Besides this trade-off, you have to check beforehand that all clients are TLS-aware. In my setup, all clients were capable of TLS. The only hassle is my NodeMCU devices, which need to swap the WifiClient for a WifiSSLClient, and you need to embed the public DST Root CA X3 yourself.
