Let's say I made a platform called the HelloWorld Platform. The HelloWorld Platform consists of one RaspberryPi that hosts PHP based REST API and one RaspberryPi that has temperature sensor that relays data to a self-hosted bash script which then sends information via curl to the RaspberryPi with the PHP REST API over the Local Area Network via Wifi.
A customer bought my HelloWorld Platform. My customer says he wants me to encrypt traffic between the two RaspberryPi with TLS/SSL. My customer plans to move the HelloWorld Platform from one physical location to another (eg. sometimes he will use HelloWorld Platform in his office, sometimes at his home, sometimes in another country, sometimes on a boat at sea etc...). Thus, the local network ip address of the two RPIs will change every time he uses the platform at a different physical location on a different Local Area Network.
While at his office, his two PIs might have the ip address 192.168.0.10 and 192.168.0.11. While on a boat at sea, it might be 172.0.2.23 and 172.0.2.24. Etc....
I want to generate one certificate authority that signs one set of certificates that can be verified against all the different ip addresses that could come up.
It seems like I'm asking for some kind of "super wild card" certificate, which I think is not possible? Or is there a better way to handle this situation without having to generate new certificates every time the customer uses a different LAN?
My PIs can get around the problem by adding the -k option like curl -k POST https://<ip of other PI>/. But I prefer for ssl verification to take place.
--resolveor--connect-to. PS:curl -k POSTis invalid,[-k] -x POSTis legal but if you use any of the--form*/-For--data*/-doptions to specify body those automatically use POST so it's redundant.