0

I am building a golang offline application for a company that will operate in their office internal Wireless / Wired Network.

There will be one server computer and many client computers communicating over the network. (They are not connected to the Internet).

How should I encrypt the HTTP communication between the clients and the server so that the data is not vulnerable to any attackers who might be snooping on the network?

  • See https://security.stackexchange.com/questions/121163/how-do-i-run-proper-https-on-an-internal-network – mti2935 Aug 21 '21 at 15:47

1 Answers1

2

Deploy the application with a digital certificate that is trusted by all of the client systems. That way, you can just use HTTPS to perform the encryption.

The best way to do this is by setting up your own internal certificate authority (CA) within the network, and then installing the root CA certificate on all the clients.

But if it's a small one off project, you could just manually install the specific certificate on the client systems.

amon
  • 1,068
  • 7
  • 9
Gh0stFish
  • 4,664
  • 14
  • 15