[simias]

I agree that having an elegant and secure solution to enable HTTPS on non-internet-facing equipment would be nice. I work mainly on embedded devices and all my admin interfaces are over HTTP because there's simply no way to ship a certificate that would work anywhere. It would be nice if you could easily deploy self-signed certificates that would only work for local addresses and only for specific devices, although of course doing that securely and with good UI would be tricky.

In the meantime having big warnings when connecting to these ad-hoc web interfaces makes sense I think, since they can effectively easily be spoofed and MitM'd (LANs are not always secure in the first place so it makes sense to warn the user not to reuse a sensitive password for instance). It's annoying for us embedded devs but I think it's for the greater good.