Certificate Authority for internal URLs

Salves 501 Reputation points
2022-09-05T18:06:12.503+00:00

Hi.

Today all my URLs are public and we use public certificates.

Some of these URLs that are public, but not accessed externally, we will now configure only internally in our application, that is, they will look like this:

Today: site.company.com
After: site.domainweb.local

These internal URLs need a certificate (https), so I'm thinking of installing an Enterprise CA.

I have a primary zone in my local DNS (domain.local) called (domainweb.local) just to register these URLs.

My question is that I don't want to use the Enterprise CA for my domain only (domain.local); I also want to create certificates for (domainweb.local).

Can I generate certificates for internal URLs for the domain (domainweb.local) installed on the domain (domain.local)?

If not, what configuration do you need to do to make it work?

Thanks.


1 answer

  1. Gary Reynolds 9,391 Reputation points
    2022-09-06T05:31:46.383+00:00

    Hi @Salves

    My first comment is if your new domain is .local, then be careful with Apple-based devices, as they will not be able to access this domain, as .local is reserved as defined in the DNS RFCs.

    If you install a Microsoft Enterprise CA, it can be used to sign domains that are not the same as the domain name of the AD. The CRT file or request just needs to include the required URL that the CA will sign.

    Gary.
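
As an added illustration of the answer above (not part of the original post): a request for `site.domainweb.local` built with `certreq` and submitted to an Enterprise CA in `domain.local`, with the name carried in the Subject Alternative Name. Assumptions: the built-in Web Server template (`WebServer`) is published on the CA, the `$CaConfig` value and the file names are placeholders, and the commands run in an elevated PowerShell session on the web server.

```powershell
# Added example; CA name and file names below are placeholders, not values from the thread.
$CaConfig = 'CA-HOST.domain.local\Example-Issuing-CA'   # "<CA host>\<CA common name>"

# Request definition: the subject and SAN name the internal URL,
# which does not have to match the AD domain the CA lives in.
$inf = @'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=site.domainweb.local"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
HashAlgorithm = SHA256

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=site.domainweb.local&"
'@
Set-Content -Path .\site.inf -Value $inf -Encoding Ascii

# 1. Generate the key pair in the machine store and write the PKCS#10 request.
certreq -new .\site.inf .\site.req

# 2. Inspect the request before submitting: the SAN must list the internal name.
certutil -dump .\site.req | Select-String -SimpleMatch 'site.domainweb.local'

# 3. Submit to the Enterprise CA using the Web Server template.
certreq -submit -config $CaConfig -attrib "CertificateTemplate:WebServer" .\site.req .\site.cer

# 4. Bind the issued certificate to the private key created in step 1.
certreq -accept .\site.cer
```

Domain-joined machines trust an Enterprise root CA automatically through Active Directory; any other client that opens the URL needs the CA's root certificate imported into its trust store.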