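I have been looking into using mDNS to discover services from a JavaScript application. The basic idea is to make an Ajax request to exampleservice.local and have it return JSON with the relevant information.
Because the application is loaded over HTTPS, any Ajax request must also use HTTPS (to avoid insecure content warnings and so on). However, from November 2015 it will no longer be possible to obtain a trusted CA-issued certificate for .local domains.
Given the restrictions above, is there a way to use HTTPS with mDNS that does not involve the user trusting a self-signed certificate?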
mDNS is for names local to the network. Globally issued certificates are for names on the internet and cannot be used for local names because, contrary to a globally unique name on the internet, local names can be the same in different local networks, and thus there is no real owner of the name who can claim a global certificate for it.
This means that you cannot use the global trust settings (i.e. root CA) available in the browser, but must instead add local trust settings. This can be done by having your own local root CA and trusting it within all browsers on the local network, or by using self-signed certificates, which need to be explicitly trusted by each user.
Apart from that, just imagine that other developers have the same kind of idea. This would mean that there will be several independent certificates for the same local names, because they are all inside different local networks. So using mDNS names together with HTTPS will only make sense in a local installation without any kind of mobile clients.
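The local root CA option from the answer above, as an added example that is not part of the original answer: it creates a private root with OpenSSL and issues a certificate for `exampleservice.local`. It goes one step beyond the answer by name-constraining the root to `.local`, so that importing it into browsers does not let it vouch for internet names. The CA name, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed names): a private root CA restricted to *.local.
set -eu

make_local_ca() {   # $1 = output directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Local Root CA
[v3_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
nameConstraints = critical, permitted;DNS:local
EOF
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key"
  openssl req -x509 -new -key "$1/ca.key" -config "$1/ca.cnf" \
    -days 365 -out "$1/ca.crt"
}

issue_leaf() {      # $1 = directory holding the CA, $2 = DNS name
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key"
  openssl req -new -key "$1/$2.key" -config "$1/ca.cnf" -subj "/CN=$2" \
    -out "$1/$2.csr"
  # Browsers match the host name against subjectAltName, not the CN.
  printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\nsubjectAltName = DNS:%s\n' "$2" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

verify_leaf() {     # exit status 0 only if the chain validates
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Demo: the .local name validates, the internet name is refused.
d=$(mktemp -d)
make_local_ca "$d"
issue_leaf "$d" exampleservice.local
issue_leaf "$d" example.com
verify_leaf "$d" exampleservice.local && echo "exampleservice.local: trusted"
verify_leaf "$d" example.com || echo "example.com: rejected by name constraint"
```

Only `ca.crt` is imported into the browsers on the local network; `ca.key` stays off the service hosts.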