Web Configuration page - Should I bother with TLS/SSL?

[djnz]

One way to do this would be to setup your own Certificate Authority (CA) and use that to issue certs to your gadgets. The technician's laptop will need to have this CA cert added as a trusted CA (root authority). The advantage of this is that once you install the CA cert on the laptop, browsers will treat your gadget's certificates as proper ones issued by commercial CAs (not self-signed "snakeoil" ones), and you also get to decide cert lifetimes and save on cert charges.

[lty1993]

You can get a SSL certificate for bare IP from a trusted CA. However, you have to have that IP registered in your name from RIR (ARIN / RIPE / APNIC / AFRNIC / Etc).

I luckily had few IP subnets allocated from ARIN and RIPE, and I did actually get a bare IP certificate from a tursted CA few years ago.

[lty1993]

In my opinion, I will deploy all my products which will be used in remote locations with a dedicated network device, such as Cisco ISR 819, or Mikrotik mAP. All the security stuff (IPSec / VPN / Firewall) are handled by network devices, then I can safely use plain protocol on the actual product.