I’m working on a web application running on a server. There will be clients (smartphone browsers) connecting to the server via HTTPS over a WiFi that wouldn’t be connected to the internet. It would mostly be used for 1-day events.
The problem: Is it possible to have HTTPS without the internet?
- We cannot add any certificates to the clients’ truststores. Neither can we configure the clients in any other way. Clients will be random people visiting the event
- The clients cannot access the internet to verify CRL/OCSP. There just might be no internet connection
I have an idea using a local DNS:
- I own a key and a trusted SSL certificate (LetsEncrypt) for
offline.mydomain.com - There is a DNS server in the offline WiFi network that points all DNS addresses to my application server
- All certificates and CRLs from the
offline.mydomain.comSSL certificate’s trust chain are downloaded to the application server and they can be accessed on the paths defined in certificates’ CDP and AIA - The application server claims to be running on
https://offline.mydomain.com(and the DNS server pointsoffline.mydomain.comto the application server)
The whole flow would be:
- Client:
GET https://offline.mydomain.com/app - DNS:
offline.mydomain.comis on the IP of the application server - My application server: here is the HTML
- …
- Client:
GET http://crl.ca.com/crls/ca.crl - DNS:
crl.ca.comis on the IP of the application server - My application server: here is the CRL
- …
- Client:
GET http://certificate.ca.com/certs/ca.cer - DNS:
certificate.ca.comis on the IP of the application server - My application server: here is the certificate
- …
However, I don’t understand networking that much.
Would the DNS part be possible?
- Can I make the clients use my local DNS without configuring them manually?
- How much would the clients be confused after connecting back to the real internet?
- Will smartphones connect to a WiFi that is not connected to the internet?
