HTTPS内部使用的证书 [英] HTTPS Certificate for internal use
问题描述
我要在内部网络(无法从外部访问)中通过HTTPS为需要使用仅的系统设置网络服务器
I'm setting up a webserver for a system that needs to be used only through HTTPS, on an internal network (no access from outside world)
现在我使用自签名证书设置它,它工作正常,除了一个令人讨厌的警告,所有的浏览器启动,因为CA当局用来签名它是自然不受信任。
Right now I got it setup with a self-signed certificate, and it works fine, except for a nasty warning that all browsers fire up, as the CA authority used to sign it is naturally not trusted.
访问由本地DNS服务器上解析的本地DNS域名提供(例如: https://myapp.local/ ),将地址映射到192.168.xy
Access is provided by a local DNS domain name resolved on local DNS server (example: https://myapp.local/), that maps that address to 192.168.x.y
给我一个正确的证书,用于内部域名(myapp.local)?或者是在真实域中使用FQDN,然后将其映射到本地IP地址的唯一选项?
Is there some provider that can issue me a proper certificate for use on an internal domain name (myapp.local)? Or is my only option to use a FQDN on a real domain, and later map it to a local IP address?
注意:我会像一个选项,它不需要将服务器公钥标记为每个浏览器上的信任,因为我没有控制工作站。
Note: I would like an option where it's not needed to mark the server public key as trusted on each browser, as I have not control over workstations.
推荐答案
您有两个实用选项:
-
站立您自己的CA.
Stand up your own CA. You can do it with OpenSSL and there's a lot of Google info out there.
继续使用自签名证书,但将公钥添加到您的信任certs在浏览器中。如果您在Active Directory网域中,则可以使用群组政策自动完成此操作。
Keep using your self-signed cert, but add the public key to your trusted certs in the browser. If you're in an Active Directory domain, this can be done automatically with group policy.
这篇关于HTTPS内部使用的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
