1

I have an intranet website that requires an SSL certificate. From what I've seen, it seems like this is difficult to accomplish or cumbersome. Would I be able to buy an SSL certificate if there is an external DNS record which points to the internal IP address? I understand that it won't resolve if the user is not connected to the internal network. I just want to easily buy an SSL certificate. Is this even possible?

Jay P
  • 1
    Possible duplicate of [Let's Encrypt for intranet websites?](https://security.stackexchange.com/questions/103524/lets-encrypt-for-intranet-websites) – yeah_well Jul 24 '19 at 03:24
  • 1
    Not a duplicate. While Let's Encrypt requires a valid, existing hostname, that's not true for every CA, and OP is willing to **buy** the certificate. – Esa Jokinen Jul 24 '19 at 04:35
  • Thank you! That link is helpful, although I think my question is a bit different for the reasons above. – Jay P Jul 24 '19 at 22:10
  • Have you looked into setting up your own PKI internally so that this isn't necessary? – multithr3at3d Jul 25 '19 at 21:49

2 Answers

2

The certificate and the DNS record for the public IP are irrelevant; you can buy any certificate without publishing your site. All you have to do is prove you are the owner of that domain, by clicking the approval link which is sent to your domain registration email or by a DNS TXT record only.

vdchuyen
0

As long as you control DNS, it's trivial, even with Let's Encrypt. Simply use DNS validation with LE, and they will happily issue a certificate. The point of this process isn't to ensure that anyone can use your site (that's your problem), but to ensure that no one will get a certificate for sites they don't know.

With many paid certificates, you can validate domain ownership via an e-mail sent to an address registered in the whois information.

As long as it is a valid domain that you own, you should have no problem getting certificates for it, even if it does not resolve.

vidarlo