TLS Certificate
TAO Community Edition requires HTTPS communication to support advanced features, and the HTTPS protocol relies on a trust relationship between the server and the browser.
Currently, we rely on Caddy to route internal traffic and expose services.
Depending on how you want to expose TAO Community Edition, you may choose from different methods to obtain a TLS certificate:
- you can keep the self-signed certificate; however, your users will always face a warning from their browser at first connection
- for local usage, getting a TLS certificate signed can be challenging and requires a private Certificate Authority
- for public usage, Caddy can automatically request a certificate from a public Certificate Authority.
Here is a short comparison of those methods:
| | Local self-signed | Local CA | Public CA |
|---|---|---|---|
| Automatic TLS | ✅ not trusted | ❌ | ✅ trusted |
| Trusted CA by default | ❌ | ❌ | ✅ |
| Local-only | ✅ | ✅ | ❌ |
| Setup complexity | low | high[^1] | medium[^2] |
| Requires public DNS zone | ❌ | ❌ | ✅ |
Keep in mind: using a public domain for a local host may introduce additional risks for your users.
[^1]: A local CA requires a public key infrastructure.
[^2]: Relying on a public CA requires a public DNS zone.
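The three methods above expressed as Caddy site blocks, as an added example that is not part of the TAO Community Edition documentation or deployment files: the hostnames, the certificate paths under `/etc/caddy/certs/`, the contact e-mail and the upstream name `tao:80` are assumptions to replace with your own values. Only one of the three blocks is needed in a real deployment; they are shown together to contrast the settings.

```caddyfile
{
	# Contact address used by the public CA for expiry notices (public CA method only).
	email admin@example.com
}

# 1. Local self-signed: Caddy issues the certificate from its own internal CA.
#    Browsers do not trust it, so users get a warning at first connection.
localhost {
	tls internal
	reverse_proxy tao:80
}

# 2. Local CA: a certificate issued by your private PKI, mounted into the container.
#    The private CA's root must be installed in every client's trust store.
tao.internal {
	tls /etc/caddy/certs/tao.internal.crt /etc/caddy/certs/tao.internal.key
	reverse_proxy tao:80
}

# 3. Public CA: a public DNS name triggers Caddy's automatic HTTPS, which
#    requests and renews a publicly trusted certificate via ACME.
#    Ports 80 and 443 must be reachable from the Internet for the challenge.
tao.example.com {
	reverse_proxy tao:80
}
```

With the public CA method, check the issued chain once from an external network (for example `openssl s_client -connect tao.example.com:443 -servername tao.example.com`) and confirm the issuer is the public CA rather than Caddy's local root.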