It's amazingly easy to setup SSL for Central using Let's Encrypt. But sometimes a user wants to deploy in an offline or disconnected environment. Related:
- Odk Collect with Custom Certificate: Android 5 (works), Android 7,8 (fails)
- SSL issue with Central on my internal network
- Selfsign certificate with latest Central
For Portable OpenStreetMap (POSM), we just go without SSL. The hardware is intended to be turned on when needed (not left unattended and running), so we operate under the assumption that the network wifi password is enough. And usually, the device is being used to collet open map data and so the data risks involved are low.
The Carter Center and @tomsmyth have done something cool with NEMO/ELMO using a small linux computer and a router running OpenWRT. They use a pre-purchased SSL certificate (a wildcard if setting up multiple field servers).
It would be great to have some options/guidance around setting up Central on a disconnected network or portable hardware. In addition to SSL issues, there would need to be user management that doesn't depend on email?