No, as @JimB told you, TLS can't work without certificates.
The reasoning is simple: TLS is all about security, and certificates are cryptographic keys which provide that security (TLS uses so-called "asymmetric cryptography" where each party has a key pair consisting of private and public parts; the public part is what gets sent to another party when doing a TLS handshake).
But on the other hand the security TLS provides is two-fold:
1. It provides mutual authentication of the parties participating in the exchange.
2. It provides encryption of the transmission channel.
Certificates are used for both aspects: the fact they contain cryptographic keys is used for (2), and the fact they have the owner's identity encoded in them (and verified by whoever was issued a particular certificate) is used for (1).
Let me not digress into discussing how (1) works in detail (though I truly urge you to read some theory on it) but (1) is what you actually want to sidestep.
The good (for you) thing is that it's cheaply doable:
- The TLS clients can be told to not verify the server's identity.
- The TLS servers can be told to do the same (and often it's the default mode they operate in—which is typical for regular websites for instance).
- You can create a so-called self-signed certificate for your TLS server.
The latter requires nothing but something which is able to generate
OpenSSL is typically used for this; just google for it.
If you're on Debian or a Debian derivative (like Ubuntu, Mint etc.), consider installing the `ssl-cert` package and using the `make-ssl-cert` program it provides.
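
The self-signed setup described above, run end to end as an added example that is not part of the original answer: it creates a self-signed certificate and shows that a verifying client completes the handshake only when it has been told to trust that exact certificate. Go's standard library, the Ed25519 key type, the `localhost` name and the `httptest` throwaway server are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http/httptest"
	"time"
)

// selfSigned creates a key pair and a certificate for host signed by that same key.
func selfSigned(host string) (tls.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	t := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{host}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv) // template == parent: self-signed
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, err
}

// handshake serves srv on loopback and dials it with a client that trusts only roots.
func handshake(srv tls.Certificate, roots *x509.CertPool, name string) error {
	s := httptest.NewUnstartedServer(nil) // throwaway local TLS endpoint
	s.TLS = &tls.Config{Certificates: []tls.Certificate{srv}}
	s.StartTLS()
	defer s.Close()
	conn, err := tls.Dial("tcp", s.Listener.Addr().String(), &tls.Config{RootCAs: roots, ServerName: name})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() {
	cert, _ := selfSigned("localhost")
	pool := x509.NewCertPool()
	pool.AddCert(cert.Leaf)
	fmt.Println(handshake(cert, pool, "localhost"), handshake(cert, x509.NewCertPool(), "localhost"))
}
```

Adding the self-signed certificate to the client's trust pool keeps server authentication in place without a CA, which is the alternative to switching verification off on the client.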