Thanks for the old thread.
There was a post from Ondrej Caletka asking for any ideas how to get rid of the browser warning.
I have actually implemented a solution few years back on some local webapplication - not turris.
This is a way how to get browser to accept cert without warnings that does not rely on any existing cert authority
I believe a way to fix this for turris team using my approcach would be
- generate root ca
- generate certificate with hostname as name and subject alternative name matching the IP address (can be multiple)
- user must add the root ca to browser
- if ip of the router changes, it must regenerate the issued certificate
I would not do this at home, using letsencrypt is better if that is an option