{"id":1481,"date":"2020-07-08T15:36:34","date_gmt":"2020-07-08T21:36:34","guid":{"rendered":"http:\/\/jaredrobinson.com\/blog\/?p=1481"},"modified":"2020-07-20T16:06:08","modified_gmt":"2020-07-20T22:06:08","slug":"how-lightbulbs-and-tvs-can-do-https-without-certificate-warnings","status":"publish","type":"post","link":"https:\/\/jaredrobinson.com\/blog\/how-lightbulbs-and-tvs-can-do-https-without-certificate-warnings\/","title":{"rendered":"How lightbulbs and TVs can do HTTPS without certificate warnings"},"content":{"rendered":"<p>When your web browser visits a secure website, the experience is seamless. Many in-home appliances also have web servers built in. If you were to point your browser to a WiFi-enabled lightbulb running its own web server at https:\/\/192.168.1.123, the browser would most likely give you a big scary warning.<\/p>\n<p>What to do? This writeup explains most of the technical details of how plex did it. I think it&#8217;s a fascinating read. There are at least a couple of CAs that offer services to make this possible.<\/p>\n<p><a href=\"https:\/\/blog.filippo.io\/how-plex-is-doing-https-for-all-its-users\">https:\/\/blog.filippo.io\/how-plex-is-doing-https-for-all-its-users<\/a><\/p>\n<p>&#8220;&#8230; they partnered with Digicert to issue a wildcard certificate for *.HASH.plex.direct to each user&#8230;&#8221;<\/p>\n<p>&#8220;the client, instead of connecting to http:\/\/1.2.3.4:32400, connects to https:\/\/1-2-3-4.625d406a00ac415b978ddb368c0d1289.plex.direct:32400 which resolves to the same IP, but with a domain name that matches the certificate that the server (and only that server, because of the hash) holds.&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When your web browser visits a secure website, the experience is seamless. Many in-home appliances also have web servers built in. If you were to point your browser to a WiFi-enabled lightbulb running its own web server at https:\/\/192.168.1.123, the browser would most likely give you a big scary warning. What to do? This writeup &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/jaredrobinson.com\/blog\/how-lightbulbs-and-tvs-can-do-https-without-certificate-warnings\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;How lightbulbs and TVs can do HTTPS without certificate warnings&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,17],"tags":[],"class_list":["post-1481","post","type-post","status-publish","format-standard","hentry","category-security","category-tech"],"_links":{"self":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts\/1481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/comments?post=1481"}],"version-history":[{"count":12,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts\/1481\/revisions"}],"predecessor-version":[{"id":1495,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts\/1481\/revisions\/1495"}],"wp:attachment":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/media?parent=1481"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/categories?post=1481"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/tags?post=1481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}