供内部使用的 HTTPS 证书 [英] HTTPS Certificate for internal use

问题描述

我正在为需要仅通过 HTTPS 在内部网络上使用的系统设置网络服务器(无法从外部访问)

I'm setting up a webserver for a system that needs to be used only through HTTPS, on an internal network (no access from outside world)

现在我用自签名证书设置了它，它工作正常，除了一个令人讨厌的警告，所有浏览器都会启动，因为用来签名它的 CA 机构自然是不受信任的.

Right now I got it setup with a self-signed certificate, and it works fine, except for a nasty warning that all browsers fire up, as the CA authority used to sign it is naturally not trusted.

访问由本地 DNS 服务器上解析的本地 DNS 域名提供(例如:https://myapp.local/)，将地址映射到 192.168.xy

Access is provided by a local DNS domain name resolved on local DNS server (example: https://myapp.local/), that maps that address to 192.168.x.y

是否有一些提供商可以为我颁发适当的证书以用于内部域名 (myapp.local)?还是我唯一的选择是在真实域上使用 FQDN，然后将其映射到本地 IP 地址?

Is there some provider that can issue me a proper certificate for use on an internal domain name (myapp.local)? Or is my only option to use a FQDN on a real domain, and later map it to a local IP address?

注意:我想要一个不需要在每个浏览器上将服务器公钥标记为受信任的选项，因为我无法控制工作站.

Note: I would like an option where it's not needed to mark the server public key as trusted on each browser, as I have not control over workstations.

推荐答案

我做了以下，对我来说效果很好:

I did the following, which worked nicely for me:

我获得了 *.mydomain.com 的通配符 SSL 证书(例如，Namecheap 以低廉的价格提供此证书)

I got a wildcard SSL cert for *.mydomain.com (Namecheap, for example, provide this cheaply)

我创建了一条 CNAME DNS 记录，将mybox.mydomain.com"指向mybox.local".

I created a CNAME DNS record pointing "mybox.mydomain.com" at "mybox.local".

希望对您有所帮助 - 不幸的是，您需要为您的域名购买通配符证书，但您可能已经拥有了.

I hope that helps - unfortunately you'll have the expense of a wildcard cert for your domain name, but you may already have that.

这篇关于供内部使用的 HTTPS 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！