内部使用的 HTTPS 证书 [英] HTTPS Certificate for internal use

问题描述

我正在为一个系统设置网络服务器，该系统需要仅通过 HTTPS 在内部网络(无法从外部访问)

I'm setting up a webserver for a system that needs to be used only through HTTPS, on an internal network (no access from outside world)

现在我用自签名证书设置了它，它工作正常，除了一个令人讨厌的警告，所有浏览器都启动了，因为用于签署它的 CA 机构自然不受信任.

Right now I got it setup with a self-signed certificate, and it works fine, except for a nasty warning that all browsers fire up, as the CA authority used to sign it is naturally not trusted.

访问由在本地 DNS 服务器上解析的本地 DNS 域名提供(例如:https://myapp.local/)，将该地址映射到 192.168.xy

Access is provided by a local DNS domain name resolved on local DNS server (example: https://myapp.local/), that maps that address to 192.168.x.y

是否有一些提供商可以为我颁发用于内部域名 (myapp.local) 的正确证书?还是我唯一的选择是在真实域上使用 FQDN，然后将其映射到本地 IP 地址?

Is there some provider that can issue me a proper certificate for use on an internal domain name (myapp.local)? Or is my only option to use a FQDN on a real domain, and later map it to a local IP address?

注意:我想要一个不需要在每个浏览器上将服务器公钥标记为受信任的选项，因为我无法控制工作站.

Note: I would like an option where it's not needed to mark the server public key as trusted on each browser, as I have not control over workstations.

推荐答案

我做了以下工作，对我来说效果很好:

I did the following, which worked nicely for me:

我获得了 *.mydomain.com 的通配符 SSL 证书(例如，Namecheap 以低廉的价格提供此证书)

I got a wildcard SSL cert for *.mydomain.com (Namecheap, for example, provide this cheaply)

我在mybox.local"创建了一个指向mybox.mydomain.com"的 CNAME DNS 记录.

I created a CNAME DNS record pointing "mybox.mydomain.com" at "mybox.local".

我希望这会有所帮助 - 不幸的是，您需要为您的域名支付通配符证书的费用，但您可能已经拥有了.

I hope that helps - unfortunately you'll have the expense of a wildcard cert for your domain name, but you may already have that.

这篇关于内部使用的 HTTPS 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！