Setting up SSL for localhost and LAN connections

Question

I have set up a LAMP server with phpmyadmin. I have apache2 configured (through the Headers mod) to only allow SSL connections, but this is keeping me from accessing phpmyadmin on the LAN. When I setup a subdomain and LetsEncrypt cert I have no problem accessing phpmyadmin (phpmyadmin.example.com), but if I try to access it from the LAN or on the server itself, I can't do so securely, so I can't log in.

Well, on the actual server I can just jam https://localhost/phpmyadmin into the browser and accept the insecure connection warning, but that doesn't work when using a different computer on the LAN ( https://server-name/phpmyadmin ). I'm not crazy about having phpmyadmin accessible to the outside, even with password protection.

Is there a way to establish a secure connection on a LAN, or do I need some way to exempt the /phpmyadmin folder from the SSL requirement? Can this be done for LAN connections only?

Answer 1

You have to access the URL using the same hostname which was provided as CN or SAN during certificate generation.

Since you want to access the application locally using localhost and any CA will not sign your certificate which has CN value localhost , you need to live with slef sign certificate generated against localhost and import to your keystore.

Command to generate self-signed certificate against localhost:

openssl req -x509 -out localhost.crt -keyout localhost.key \ -newkey rsa:2048 -nodes -sha256 \ -subj '/CN=localhost' -extensions EXT -config <( \ printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Here is an article on the same.