This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi.
today all my URLs are public and we use public certificates.
Some of these URLs that are public, but not accessed externally, we will now configure only internally in our application, that is, they will look like this:
Today: site.company.com
After: site.domainweb.local
These internal URLs need a certificate (https), so I'm thinking of installing an Enterprise CA.
I have a primary zone in my local DNS (domain.local) called (domainweb.local) just to register these URLs.
My question is that I don't want to use Enterprise CA for my domino only (domain.local), I want to create certificates for also (domainweb.local).
Can I generate certificates for internal URLs for the domain (domainweb.local) installed on the domain (domain.local)?
If not, what configuration do you need to do to make it work?
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 70%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYD%3C/text%3E%3C/svg%3E)
Hi @Salves
This problem is related to windows-server-security and has nothing to do with IIS. So I removed the IIS tag to help you better locate the problem. Thanks for understanding.
Hi @Salves
My first comment is if your new domain is .local, then be careful with Apple based devices, as they will not be able to access this domain, as .local is reserved as defined in the DNS RFCs.
If you install a Microsoft Enterprise CA, it can be used to sign domains that are not the same as the domain name of the AD. The CRT file or request just needs to include the required URL that the CA will sign.
Gary.
Hi @Gary Reynolds ,
I understand, I think this will not be the case because the frontend server will connect to these URLs. They are not end users. So it's all windows.
Regarding the domain, perfect. I believe that I will achieve my goal.
Today I have several public URLs, that is, the frontend sites consult the backend sites (frontend authorized access only). That is, the URLs perform many hops to the internet unnecessarily, so I will take these queries from backend URLs to my local DNS.
But as they are all HTTPS I need to use a local certificate, so I will create a local domain that I can use in any region of the world as it will be standardized in all local DNS.
Thanks.