How lightbulbs and TVs can do HTTPS without certificate warnings

When your web browser visits a secure website, the experience is seamless. Many in-home appliances also have web servers built in. If you were to point your browser to a WiFi-enabled lightbulb running its own web server at, the browser would most likely give you a big scary warning.

What to do? This writeup explains most of the technical details of how plex did it. I think it’s a fascinating read. There are at least a couple of CAs that offer services to make this possible.

“… they partnered with Digicert to issue a wildcard certificate for * to each user…”

“the client, instead of connecting to, connects to which resolves to the same IP, but with a domain name that matches the certificate that the server (and only that server, because of the hash) holds.”