Local Domain Certificate

oguz · December 25, 2020, 8:19pm

Hi. First of all I apologize for my bad English. I have a domain and dns server in my internal network. I am using .local as a TLD. It does not broadcast to the outside world. I want to certify all my services included in the domain. I used OpenSSL and Windows Certification server. But chorme etc. browsers keep warning. I was only able to make the certificate valid on explorer.

In summary, how can I get certificates for services in Active Directory structure. The reason I want this is to hide my communication with my services when I use vpn in different locations.

JuergenAuer · December 25, 2020, 8:25pm

Hi @oguz

simple answer: You can't, if your top level domain is .local.

A worldwide unique, public visible domain name is required if you want to create a certificate with that domain name.

So your general idea can't work.

Start there:

oguz · December 25, 2020, 8:27pm

Thank you for the answer. I know. But is it not possible for me to install a certificate server on the local network and register in this way?

oguz · December 25, 2020, 10:54pm

Yes I knew it could be done. A RootCA server is installed on the internal network and signing can be done. Related article;

griffin · December 25, 2020, 11:04pm

Nothing stops you from getting a certificate for a publicly-visible domain name then installing that certificate on a local server. If you use a dns-01 challenge to prove control over the domain name, the server using the certificate can even have a local IP address (e.g. 192.168.0.2), so long as the DNS servers answering for the domain name are publicly accessible.

Running your own CA is a rather extreme solution. I mean, if it works for you, fantastic though.