
I don’t believe that makes sense in the context of certificates generated by a public CA. Unlike domain names, there’s not one owner of 10.10.10.10, there are millions of “owners”…

But what problem is it that you want to solve?

For local development, one can use a tool such as mkcert. For shared internal resources (e.g. within a company), it’s probably easier to use a TLS cert tied to a domain instead of using naked IP addresses.



My cameras are internally accessible via HTTPS.

Every time I open a browser I need to click two buttons to get past the certificate error. Sure I could configure a real domain, do split DNS and get a certificate but these cameras require manually uploading a certificate. I would need to do this every three months for every camera and eventually even more frequently.


There are numerous tutorials on running your own private certificate authority (CA):

* https://smallstep.com/blog/private-acme-server/ ; https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi...

* https://openvpn.net/community-resources/setting-up-your-own-...

* https://www.digitalocean.com/community/tutorials/how-to-set-...

Import the CA's root cert on your browsing devices and anything it issues will be trusted.


Good idea. In Firefox, one could have a separate profile for this, so that the CA cert is not imported in one’s general profile.

Another option could be to put the cameras behind a reverse proxy (e.g. Nginx or Envoy) and terminate TLS there.


and IP certs would help how? you'd have to upload every 6 days.

just run your own CA with ~infinite lifespan.
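
The private-CA approach suggested in the comments above, as an added example that is not part of the thread or any commenter's code: an OpenSSL root whose `nameConstraints` limit it to 10.0.0.0/8 issues a certificate with an IP subjectAltName for a camera. The constraint, file names, subject names, addresses and lifetimes are assumptions added here; the constraint covers IP names only.

```shell
#!/bin/sh
# Added example: private CA limited to 10.0.0.0/8 issuing a cert for a camera IP.
# Names, paths, addresses and lifetimes are constructed; adjust the range to your LAN.

make_ca() {  # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example Home CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
# Constrains IP names only; DNS names would need their own subtree.
nameConstraints = critical, permitted;IP:10.0.0.0/255.0.0.0
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_cert() {  # $1 = working directory, $2 = device IP, $3 = output basename
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/O=Example Camera $3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  # The IP goes in subjectAltName; clients match the address they connect to against it.
  printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\nsubjectAltName = IP:%s\n' \
    "$2" > "$1/$3.ext"
  openssl x509 -req -in "$1/$3.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 825 -extfile "$1/$3.ext" -out "$1/$3.pem" 2>/dev/null
}

verify_for_ip() {  # $1 = working directory, $2 = cert basename, $3 = IP being visited
  openssl verify -CAfile "$1/ca.pem" -verify_ip "$3" "$1/$2.pem" >/dev/null 2>&1
}

work=$(mktemp -d)
make_ca "$work"
issue_cert "$work" 10.10.10.10 cam1      # inside the permitted range
issue_cert "$work" 192.0.2.10 outside    # outside it: issued, but must not verify
for check in "cam1 10.10.10.10" "cam1 10.10.10.11" "outside 192.0.2.10"; do
  set -- $check
  if verify_for_ip "$work" "$1" "$2"; then result=accepted; else result=rejected; fi
  echo "$1 presented at $2: $result"
done
```

The results are those of OpenSSL's verifier; whether a given browser enforces name constraints on an imported root should be checked per client before relying on them.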



