You can issue a certificate to multiple Subject Alternative Names (e.g. localhost, machine001.local and 192.168.0.15). Note that, for IP addresses, the SAN must be of type IP address. Most tools that let you do this will let you specify the type (XCA is one of them for example).
I'm not sure how your co-worker can access your machine if it doesn't have either an internal host name or a static IP address. Perhaps you could use something like mDNS to give it a .local name anyway. Alternatively, you can use dynamic DNS services. They would also work even if they resolve the DNS to an IP address that is only routed on your LAN.
Ideally (since you don't want to use a commercial CA), you should create a CA (again, XCA can help) and distribute your CA certificate to your co-workers. In this case you wouldn't even have to add exceptions.
Having a certificate that matches any IP address or hostname wouldn't work. You normally can't have wildcards with IP addresses, and most browsers require more than one "label". Some implementations even make sure you have enough to fall within the scope of an actual domain (e.g. *.something.com or *.something.co.uk).
(Some browsers would let you add exceptions that also comprise the name mismatch (Firefox is one of them), so in this case, the names are not particularly relevant.)
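
The name-matching rules described in the answer above, as a simplified model (an added example, not part of the original answer and not any browser's actual code). The function names and the `(type, value)` SAN representation are assumptions made for illustration; the sample SAN list is constructed from the names used in the answer.

```python
import ipaddress

# Constructed SAN list for the certificate described in the answer:
# (type, value) pairs, as a TLS client sees them after parsing.
SANS = [
    ("DNS", "localhost"),
    ("DNS", "machine001.local"),
    ("IP", "192.168.0.15"),
]


def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Match one DNS SAN against a host name; wildcard in leftmost label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label
    if p[0] == "*":
        # Require at least two literal labels after the wildcard, so "*" and
        # "*.com" never match (simplified; browsers consult a suffix list).
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def matches(sans, target):
    """True if target (host name or IP literal) is covered by the SAN list."""
    ip = _as_ip(target)
    if ip is not None:
        # IP targets are compared only with IP-type entries, never DNS ones.
        return any(t == "IP" and _as_ip(v) == ip for t, v in sans)
    return any(t == "DNS" and _dns_match(v, target) for t, v in sans)
```
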