I created a private CA so I can issue certs for my local devices. It requires importing the private CA on every device that will connect to the #IoT device, but that's just a one-time setup.
This approach is only for very technical users. StepCA is making it at least a little better, but they are really targeting people who already have a very good understanding of how to run your own Public Key Infrastructure (#PKI). They focus on making it easy to do each step as long as you understand all the details that are going on under the hood.
The technical solutions need to improve here if the average person is going to be able to use HTTPS on local devices.
I think there are two reasons this issue hasn't received much attention:
1. Corporations want people to use their clouds, and they are not going to pay anyone to develop alternatives to what they want users to do.
2. Open source projects don't want to dedicate time to solving this problem because it's not the fun problem to solve. The fun part is making the gadget and telling people to not use HTTPS or to click through any warnings they get. Plus most people don't have DNS names for their devices anyway.
It's honestly a hard problem for the open source community to solve.
The best place to solve this, in my opinion, would be OpenWRT. They could get a publicly acceptable cert for any DNS name that points to their IP address and allow the user to download it from their router and upload it to their IoT device. It is still only available to power users who can manage both public and local DNS systems, but it'd at least be a step closer. I don't know if they already have something like that, as I had already gone the Private CA route before I thought of this.