I’m working on a web application running on a server. There will be clients (smartphone browsers) connecting to the server via HTTPS over a WiFi that wouldn’t be connected to the internet. It would mostly be used for 1-day events.
The problem: Is it possible to have HTTPS without the internet?
- We cannot add any certificates to the clients’ truststores. Neither can we configure the clients in any other way. Clients will be random people visiting the event
- The clients cannot access the internet to verify CRL/OCSP. There just might be no internet connection
I have an idea using a local DNS:
- I own a key and a trusted SSL certificate (LetsEncrypt) for offline.mydomain.com
- There is a DNS server in the offline WiFi network that points all DNS addresses to my application server
- All certificates and CRLs from the offline.mydomain.com SSL certificate’s trust chain are downloaded to the application server and they can be accessed on the paths defined in the certificates’ CDP and AIA
- The application server claims to be running on https://offline.mydomain.com (and the DNS server points offline.mydomain.com to the application server)
The whole flow would be:
- Client: GET https://offline.mydomain.com/app
- DNS: offline.mydomain.com is on the IP of the application server
- My application server: here is the HTML
- …
- Client: GET http://crl.ca.com/crls/ca.crl
- DNS: crl.ca.com is on the IP of the application server
- My application server: here is the CRL
- …
- Client: GET http://certificate.ca.com/certs/ca.cer
- DNS: certificate.ca.com is on the IP of the application server
- My application server: here is the certificate
- …
However, I don’t understand networking that much.
Would the DNS part be possible?
- Can I make the clients use my local DNS without configuring them manually?
- How much would the clients be confused after connecting back to the real internet?
- Will smartphones connect to a WiFi that is not connected to the internet?
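The setup sketched in the question has two moving parts that have to agree with each other: the local DNS must answer for every hostname that appears in the chain's CDP and AIA URLs, and the web server must serve each of those URLs' paths from its document root. The following added example (not code from the question or from any real product) derives both from a list of chain URLs. It assumes the application server's IP (`10.0.0.1`), a document root (`/srv/mirror`) and the dnsmasq `address=/host/ip` override syntax; the URLs themselves are the ones used in the question, standing in for whatever a real chain lists in its CRL Distribution Points and Authority Information Access extensions. It also rejects the cases the scheme cannot handle: an `https` CDP/AIA URL (the server only holds a certificate for `offline.mydomain.com`, so it cannot terminate TLS for a CA's hostname), a URL without a file path, a path that would escape the document root, and two URLs from different hosts that would land on the same local file.

```python
"""Plan local DNS overrides and mirrored file paths for serving a certificate
chain's CRL/AIA artifacts on an offline network (added example, not from the
question; the IP, document root and file layout are assumptions)."""
import posixpath
from urllib.parse import urlparse

# Constructed input: the application host and the CDP/AIA URLs that the chain
# for offline.mydomain.com is assumed to list (values taken from the question).
APP_HOST = "offline.mydomain.com"
CHAIN_URLS = [
    "http://crl.ca.com/crls/ca.crl",
    "http://certificate.ca.com/certs/ca.cer",
]
APP_SERVER_IP = "10.0.0.1"   # assumed address of the application server on the event WiFi
DOC_ROOT = "/srv/mirror"     # assumed directory the web server serves mirrored files from


def plan_overrides(app_host, chain_urls, server_ip, doc_root):
    """Return (dnsmasq_lines, mirror) for the given chain URLs.

    dnsmasq_lines: one 'address=/host/ip' line per hostname the local DNS must
                   answer for (the app host plus every CDP/AIA host).
    mirror:        local file path -> URL that the web server must serve there.
    Raises ValueError for URLs the single-server, single-certificate scheme
    cannot serve.
    """
    dns = {app_host: server_ip}
    mirror = {}
    for url in chain_urls:
        parts = urlparse(url)
        if parts.scheme != "http":
            # Only a certificate for app_host is available, so TLS cannot be
            # terminated for a CA's hostname; https CDP/AIA URLs are unservable.
            raise ValueError(f"cannot mirror non-http URL: {url}")
        if not parts.hostname or not parts.path or parts.path.endswith("/"):
            raise ValueError(f"URL has no file path to mirror: {url}")
        # Map the URL path onto the document root and refuse anything that
        # would resolve outside it (e.g. '..' segments).
        local = posixpath.normpath(posixpath.join(doc_root, parts.path.lstrip("/")))
        if not local.startswith(doc_root + "/"):
            raise ValueError(f"path escapes document root: {url}")
        # Paths are host-independent on a single web server, so two CAs using
        # the same path for different files would silently overwrite each other.
        if local in mirror and mirror[local] != url:
            raise ValueError(f"two URLs map to the same local file: {url} and {mirror[local]}")
        mirror[local] = url
        dns.setdefault(parts.hostname, server_ip)
    dnsmasq_lines = [f"address=/{host}/{ip}" for host, ip in sorted(dns.items())]
    return dnsmasq_lines, mirror


if __name__ == "__main__":
    lines, mirror = plan_overrides(APP_HOST, CHAIN_URLS, APP_SERVER_IP, DOC_ROOT)
    print("# dnsmasq overrides")
    print("\n".join(lines))
    print("# files to place under the document root")
    for path, url in sorted(mirror.items()):
        print(f"{path}  <-  {url}")
```

The per-host `address=` lines are the narrow form of the "point all DNS addresses to my application server" idea in the question; a catch-all (`address=/#/10.0.0.1` in dnsmasq) would also work but sends every unrelated lookup to the same server, which is worth keeping in mind when thinking about how clients behave once they leave the event network. The mirror map is what the web server must satisfy before any client connects, since the CRL and AIA fetches in the flow above are plain HTTP requests for those exact paths.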